Think you have a false positive on this rule?

Sid 1-43790

Message

SERVER-OTHER Apache modauthdigest out of bounds read attempt

Summary

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Impact

CVSS base score 9.1 CVSS impact score 5.2 CVSS exploitability score 3.9 confidentialityImpact HIGH integrityImpact NONE availabilityImpact NONE

CVE-2017-9788:

CVSS base score 9.1

CVSS impact score 5.2

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2017-9788: In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Affected systems

  • apache http_server 2.2.32
  • apache http_server 2.4.1
  • apache http_server 2.4.2
  • apache http_server 2.4.3
  • apache http_server 2.4.4
  • apache http_server 2.4.6
  • apache http_server 2.4.7
  • apache http_server 2.4.9
  • apache http_server 2.4.10
  • apache http_server 2.4.12
  • apache http_server 2.4.16
  • apache http_server 2.4.17
  • apache http_server 2.4.18
  • apache http_server 2.4.20
  • apache http_server 2.4.23
  • apache http_server 2.4.25
  • apache http_server 2.4.26

Ease of attack

CVE-2017-9788:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • www.securityfocus.com/bid/99562/info