English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 114770 CVE descriptions
and 58768 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882791
Category:CentOS Local Security Checks
Title:CentOS Update for httpd CESA-2017:2972 centos6
Summary:Check the version of httpd
Description:Summary:
Check the version of httpd

Vulnerability Insight:
The httpd packages provide the Apache HTTP
Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* A use-after-free flaw was found in the way httpd handled invalid and
previously unregistered HTTP methods specified in the Limit directive used
in an .htaccess file. A remote attacker could possibly use this flaw to
disclose portions of the server memory, or cause httpd child process to
crash. (CVE-2017-9798)

* A regression was found in the Red Hat Enterprise Linux 6.9 version of
httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be
parsed incorrectly. A web administrator could unintentionally allow any
client to access a restricted HTTP resource. (CVE-2017-12171)

Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and
KAWAHARA Masashi for reporting CVE-2017-12171.


Affected Software/OS:
httpd on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9798
https://www.exploit-db.com/exploits/42745/
http://openwall.com/lists/oss-security/2017/09/18/2
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9
https://github.com/hannob/optionsbleed
https://security-tracker.debian.org/tracker/CVE-2017-9798
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Debian Security Information: DSA-3980 (Google Search)
http://www.debian.org/security/2017/dsa-3980
https://security.gentoo.org/glsa/201710-32
BugTraq ID: 100872
http://www.securityfocus.com/bid/100872
http://www.securitytracker.com/id/1039387
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 58768 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.