Description:
Summary: Apache HTTP Server allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
Vulnerability Insight: Optionsbleed is a use-after-free error in the Apache HTTP Server that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.
The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.
Example .htaccess:
Vulnerability Impact: Successful exploitation allows an attacker to read chunks of the host's memory.
Affected Software/OS: Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.
Solution: Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running version 2.2.34, apply the patch linked in the references.
As a workaround, the usage of .htaccess should be disabled completely via the 'AllowOverride None' directive within the web server's configuration. Furthermore, all statements within the web server configuration need to be verified for invalid HTTP methods.
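One way to carry out the configuration review described in the workaround, as an added example that is not part of the original advisory or of any Apache tooling. It assumes the method list below (the methods the Apache documentation names for the Limit directive; extend it for methods registered by modules on your installation), and the sample configuration text, including the method name `NOTAMETHOD`, is constructed for illustration.

```python
import re

# Assumption: methods the Apache documentation lists for <Limit>. Names are
# case-sensitive. Add any methods that modules register on your installation.
KNOWN_METHODS = {
    "GET", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "PATCH",
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK",
}

# Directive names are case-insensitive; "\s+" keeps <LimitExcept> from matching.
LIMIT_RE = re.compile(r"^\s*<Limit\s+([^>]*)>", re.IGNORECASE)
OVERRIDE_RE = re.compile(r"^\s*AllowOverride\s+(.+?)\s*$", re.IGNORECASE)

def audit_config(text, source="<config>"):
    """Return (source, line, kind, detail) findings for one config file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = LIMIT_RE.match(line)
        if m:
            bad = [x for x in m.group(1).split() if x not in KNOWN_METHODS]
            if bad:
                findings.append((source, lineno, "unknown-method", " ".join(bad)))
            continue
        m = OVERRIDE_RE.match(line)
        if m and m.group(1).lower() != "none":
            # Workaround from the advisory: only 'AllowOverride None' is accepted.
            findings.append((source, lineno, "allowoverride", m.group(1)))
    return findings

# Constructed sample inputs (not taken from the advisory).
SAMPLE_HTTPD_CONF = """\
<Directory "/var/www/html">
    AllowOverride All
    <Limit GET POST>
        Require all granted
    </Limit>
</Directory>
"""
SAMPLE_HTACCESS = """\
# constructed example of a Limit block with an unregistered method
<Limit NOTAMETHOD>
    Require all denied
</Limit>
"""

if __name__ == "__main__":
    for name, body in (("httpd.conf", SAMPLE_HTTPD_CONF), (".htaccess", SAMPLE_HTACCESS)):
        for finding in audit_config(body, name):
            print("%s:%d %s: %s" % finding)
```

Run `audit_config` over the text of httpd.conf, every included file and every .htaccess under the document roots; any finding means the workaround is not yet in place for that file.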
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N