Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:HTTPD-OPTION-METHOD |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Httpd Options Method Memory Leak |
Release Date |
2018/10/31 |
Update Number |
3114 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Httpd Options Method Memory Leak
This signature detects attempts to exploit a known vulnerability against Apache Httpd. A successful attack can lead to arbitrary code execution.
Extended Description
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Affected Products
- Apache http_server 2.2.34
- Apache http_server 2.4.0
- Apache http_server 2.4.1
- Apache http_server 2.4.10
- Apache http_server 2.4.12
- Apache http_server 2.4.16
- Apache http_server 2.4.17
- Apache http_server 2.4.18
- Apache http_server 2.4.2
- Apache http_server 2.4.20
- Apache http_server 2.4.23
- Apache http_server 2.4.25
- Apache http_server 2.4.26
- Apache http_server 2.4.27
- Apache http_server 2.4.3
- Apache http_server 2.4.4
- Apache http_server 2.4.6
- Apache http_server 2.4.7
- Apache http_server 2.4.9
- Debian debian_linux 7.0
- Debian debian_linux 8.0
- Debian debian_linux 9.0
References
- BugTraq: 100872
- CVE: CVE-2017-9798