|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for httpd RHSA-2017:2972-01|
|Summary:||Check the version of httpd|
The httpd packages provide the Apache HTTP
Server, a powerful, efficient, and extensible web server.
* A use-after-free flaw was found in the way httpd handled invalid and
previously unregistered HTTP methods specified in the Limit directive used
in an .htaccess file. A remote attacker could possibly use this flaw to
disclose portions of the server memory, or cause httpd child process to
* A regression was found in the Red Hat Enterprise Linux 6.9 version of
httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be
parsed incorrectly. A web administrator could unintentionally allow any
client to access a restricted HTTP resource. (CVE-2017-12171)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798 and
KAWAHARA Masashi for reporting CVE-2017-12171.
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please install the updated packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-9798
Debian Security Information: DSA-3980
BugTraq ID: 100872
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|