Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache (CVE-2017-9798)

Discussion in 'Security' started by ciao70, Sep 19, 2017.

  1. ciao70

    ciao70 Member

    Joined:
    Nov 3, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    151
    Hi all,

    Apache CVE-2017-9798

    Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

    NVD - CVE-2017-9798
     
    #1 ciao70, Sep 19, 2017
    Last edited by a moderator: Sep 19, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page