CVE-2017-9788
Severity
9.1CRITICAL
EPSS
52.6%
top 2.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 13
Latest updateMay 13
Description
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2
Affected Packages11 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.2, 7.3, 7.4, 7.6, 6.7, 7.5