Description
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server.
Mitigation
If you do not use digest authentication, do not load the "auth_digest_module". For example, on RHEL 7, this can be done by commenting out or removing the "LoadModule auth_digest_module modules/mod_auth_digest.so" line within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service. You can then use the "httpd -t -D DUMP_MODULES" command to verify that the module is no longer loaded.
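The mitigation steps above as a script, added here as an example and not taken from the advisory. It first checks that no active "AuthType Digest" directive exists, then comments out the LoadModule line, and offers a check for the DUMP_MODULES output. The function names are hypothetical, and the demo runs on constructed sample files in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example, not part of the advisory. Function names are hypothetical.

# Return 0 if any file under directory $1 has an active "AuthType Digest"
# directive (directive names are case-insensitive; commented lines are ignored).
uses_digest_auth() {
    grep -riqE '^[[:space:]]*AuthType[[:space:]]+Digest([[:space:]]|$)' "$1"
}

# Comment out active LoadModule lines for auth_digest_module in file $1.
# A copy is kept as $1.bak; lines that are already commented stay unchanged.
disable_digest_module() {
    sed -i.bak -E \
        's/^([[:space:]]*)(LoadModule[[:space:]]+auth_digest_module[[:space:]].*)$/\1#\2/' "$1"
}

# Read "httpd -t -D DUMP_MODULES" output on stdin; return 0 if the module is listed.
digest_module_loaded() {
    grep -qE '^[[:space:]]*auth_digest_module[[:space:]]+\((static|shared)\)'
}

# Demo on constructed sample files in a temp dir; nothing under /etc is touched.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'LoadModule auth_basic_module modules/mod_auth_basic.so' \
        'LoadModule auth_digest_module modules/mod_auth_digest.so' > "$d/00-base.conf"
    printf '%s\n' '<Location /app>' '  AuthType Basic' '</Location>' > "$d/site.conf"
    if uses_digest_auth "$d"; then
        echo "Digest auth is configured: update httpd instead of unloading the module"
    else
        disable_digest_module "$d/00-base.conf"
        grep -n 'auth_digest_module' "$d/00-base.conf"
    fi
    rm -rf "$d"
}
demo
```

On a real host, point disable_digest_module at the file named in the advisory, restart the service, and pipe the output of "httpd -t -D DUMP_MODULES" into digest_module_loaded; a non-zero exit status means the module is no longer loaded.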
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 5 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 3 | httpd | Fix deferred | | |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-httpd | Fixed | RHSA-2017:2710 | 13.09.2017 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-openssl | Fixed | RHSA-2017:2710 | 13.09.2017 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2017:2709 | 13.09.2017 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-openssl | Fixed | RHSA-2017:2709 | 13.09.2017 |
| Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2017:2478 | 15.08.2017 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | httpd | Fixed | RHSA-2017:3195 | 13.11.2017 |
| Red Hat Enterprise Linux 7 | httpd | Fixed | RHSA-2017:2479 | 15.08.2017 |
Additional information
CVSS3: 4.8 Medium