|Category:||CentOS Local Security Checks|
|Title:||CentOS Update for httpd CESA-2017:2972 centos6|
|Summary:||Check the version of httpd|
Check the version of httpd
The httpd packages provide the Apache HTTP
Server, a powerful, efficient, and extensible web server.
* A use-after-free flaw was found in the way httpd handled invalid and
previously unregistered HTTP methods specified in the Limit directive used
in an .htaccess file. A remote attacker could possibly use this flaw to
disclose portions of the server memory, or cause httpd child process to
* A regression was found in the Red Hat Enterprise Linux 6.9 version of
httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be
parsed incorrectly. A web administrator could unintentionally allow any
client to access a restricted HTTP resource. (CVE-2017-12171)
Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and
KAWAHARA Masashi for reporting CVE-2017-12171.
httpd on CentOS 6
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-9798|
Debian Security Information: DSA-3980 (Google Search)
BugTraq ID: 100872
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 58768 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.