Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9798

CWE-416Use After Free23 documents15 sources
Severity
7.5HIGH
EPSS
93.8%
top 0.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apache Http ServerApache Software Foundation Apache Http ServerDebian Debian Linux
Timeline
PublishedSep 18
Latest updateMay 13

Description

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors incl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/http_server2.2.34+18
CVEListV5apache_software_foundation/apache_http_serverApache HTTP Server through 2.2.34 and 2.4.x through 2.4.27
Debianapache2< 2.4.27-6+3

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-jxf6-fx3m-8x2r: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's2022-05-13
OSV
CVE-2017-9798: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's2017-09-18
CVEList
CVE-2017-9798: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's2017-09-18
VulnCheck
Apache HTTP Server Use After Free2017

💥Exploits & PoCs

1
Exploit-DB
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak2017-09-18

🔍Detection Rules

1
Suricata
ET WEB_SERVER OptionsBleed (CVE-2017-9798)2017-09-19

📋Vendor Advisories

6
Apple
CVE-2017-9798: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan2017-12-06
Ubuntu
Apache HTTP Server vulnerability2017-10-24
Ubuntu
Apache HTTP Server vulnerability2017-09-19
Red Hat
httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)2017-09-18
Debian
CVE-2017-9798: apache2 - Apache httpd allows remote attackers to read secret data from process memory if ...2017

🕵️Threat Intelligence

7
Trendmicro
OptionsBleed – The Apache HTTP Server Now Bleeds2017-09-22
Trendmicro
OptionsBleed – The Apache HTTP Server Now Bleeds2017-09-22
Trendmicro
OptionsBleed – The Apache HTTP Server Now Bleeds2017-09-22
Trendmicro
OptionsBleed – The Apache HTTP Server Now Bleeds2017-09-22
Trendmicro
OptionsBleed – The Apache HTTP Server Now Bleeds2017-09-22

💬Community

3
HackerOne
Optionsbleed / CVE-2017-97982018-05-03
Bugzilla
CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) [fedora-all]2017-09-18
Bugzilla
CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)2017-09-11
CVE-2017-9798 (HIGH CVSS 7.5) | Apache httpd allows remote attacker | cvebase.io