Sid 1-44434

Message

SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt

Summary

This event is generated when a HTTP OPTIONS method is attempted.

Impact

Attempted User Privilege Gain

CVE-2017-9798:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2017-9798: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the aplimitsection function in server/core.c.

Affected systems

• apache http_server 2.2.34
• apache http_server 2.4.0
• apache http_server 2.4.1
• apache http_server 2.4.2
• apache http_server 2.4.3
• apache http_server 2.4.4
• apache http_server 2.4.6
• apache http_server 2.4.7
• apache http_server 2.4.9
• apache http_server 2.4.10
• apache http_server 2.4.12
• apache http_server 2.4.16
• apache http_server 2.4.17
• apache http_server 2.4.18
• apache http_server 2.4.20
• apache http_server 2.4.23
• apache http_server 2.4.25
• apache http_server 2.4.26
• apache http_server 2.4.27
• debian debian_linux 7.0
• debian debian_linux 8.0
• debian debian_linux 9.0

Ease of attack

CVE-2017-9798:

Access Vector

Access Complexity

Authentication

False positives

None Known

False negatives

None Known

Corrective action

Contributors

• Cisco's Talos Intelligence Group

Additional References

• blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html