漏洞信息(CVE-2017-9798)

一、漏洞 CVE-2017-9798 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

Apache httpd 允许远程攻击者从进程内存读取秘密数据，如果 Limit 指令可以在用户.htaccess 文件中设置，或者如果 httpd.conf 有某些错误配置，即 Optionsbleed。这将影响到从 2.2.34 到 2.4.27 版本的 Apache HTTP 服务器。攻击者试图读取秘密数据时会发送一个未验证的 OPTIONS HTTP 请求。这是一个使用后释放的问题，因此秘密数据不一定发送，具体数据取决于许多因素，包括配置。可以通过修改 server/core.c 中的 ap_limit_section 函数来阻止.htaccess 的利用。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Apache HTTP Server 资源管理错误漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Apache HTTP Server是美国阿帕奇（Apache）软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.2.34及之前的版本和2.4.x版本至2.4.27版本中存在双重释放漏洞。攻击者可通过发送未经身份验证的OPTIONS HTTP请求利用该漏洞读取进程内存中的数据。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

资源管理错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2017-9798 的公开POC

#	POC 描述	源链接	神龙链接
1	Checks a shared hosting environment for CVE-2017-9798	https://github.com/nitrado/CVE-2017-9798	POC详情
2	CVE-2017-9798	https://github.com/pabloec20/optionsbleed	POC详情
3	None	https://github.com/l0n3rs/CVE-2017-9798	POC详情
4	OptionsBleed (CVE-2017-9798) PoC / Scanner	https://github.com/brokensound77/OptionsBleed-POC-Scanner	POC详情

三、漏洞 CVE-2017-9798 的情报信息

https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch x_refsource_MISC
https://security.netapp.com/advisory/ntap-20180601-0003/ x_refsource_CONFIRM
http://openwall.com/lists/oss-security/2017/09/18/2 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2017-9798 x_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html x_refsource_CONFIRM
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798 x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html x_refsource_CONFIRM
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html x_refsource_MISC
https://github.com/hannob/optionsbleed x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us x_refsource_CONFIRM
https://support.apple.com/HT208331 x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html x_refsource_CONFIRM
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch x_refsource_MISC
https://www.tenable.com/security/tns-2019-09 x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html x_refsource_CONFIRM
https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a x_refsource_MISC
https://www.exploit-db.com/exploits/42745/ exploit x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/100872 vdb-entry x_refsource_BID
http://www.securityfocus.com/bid/105598 vdb-entry x_refsource_BID
http://www.securitytracker.com/id/1039387 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3980 vendor-advisory x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3193 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3113 vendor-advisory x_refsource_REDHAT
https://security.gentoo.org/glsa/201710-32 vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3194 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3114 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3476 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3239 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3018 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3195 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3240 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3475 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3477 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2882 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2972 vendor-advisory x_refsource_REDHAT
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

一、 漏洞 CVE-2017-9798 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2017-9798 的公开POC

三、漏洞 CVE-2017-9798 的情报信息

一、漏洞 CVE-2017-9798 基础信息