Description
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
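A simplified C sketch of the flaw described above and of the corrected behaviour, added here as an illustration; it is not code from mod_auth_digest. The names `digest_field`, `FIELD_MAX` and `reset_value` and the sample strings are constructed, the caller-supplied scratch buffer stands in for reused pool memory, and quoted values are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 64  /* hypothetical fixed field size for this sketch */

/* Copy the value parsed for `want` from "k1=v1, k2=v2" into `out`. `value` is
 * scratch standing in for pool memory that may hold a prior request's bytes.
 * reset_value 0 = flawed (a key with no '=' keeps them), 1 = hardened. */
static int digest_field(const char *line, const char *want, char *value,
                        int reset_value, char *out)
{
    char key[FIELD_MAX];
    int found = 0;
    while (*line != '\0') {
        size_t k = 0, v = 0;
        while (isspace((unsigned char)*line)) line++;
        while (*line && *line != '=' && *line != ',' &&
               !isspace((unsigned char)*line) && k < FIELD_MAX - 1)
            key[k++] = *line++;
        key[k] = '\0';
        while (isspace((unsigned char)*line)) line++;
        if (reset_value)
            value[0] = '\0';            /* never carry old bytes forward */
        if (*line == '=') {
            line++;
            while (*line && *line != ',' && v < FIELD_MAX - 1)
                value[v++] = *line++;
            value[v] = '\0';
        }
        while (*line && *line != ',') line++;   /* skip rest of this pair */
        if (*line == ',') line++;
        if (strcmp(key, want) == 0) {
            strncpy(out, value, FIELD_MAX - 1);
            out[FIELD_MAX - 1] = '\0';
            found = 1;
        }
    }
    return found;
}

int main(void)
{
    char scratch[FIELD_MAX] = "bytes-left-by-prior-request", out[FIELD_MAX];
    digest_field("username", "username", scratch, 0, out);
    printf("flawed:   [%s]\n", out);
    digest_field("username", "username", scratch, 1, out);
    printf("hardened: [%s]\n", out);
    return 0;
}
```

The second flawed case in the description, a stale value carried between successive assignments, shows up with input such as `username=alice, realm`, where the flawed form reports `alice` for `realm`.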
| Release | Status | Note |
|---|---|---|
| devel | released | 2.4.27-2ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.17 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.4 |
| precise/esm | not-affected | 2.2.22-1ubuntu1.13 |
| trusty | released | 2.4.7-1ubuntu4.17 |
| trusty/esm | released | 2.4.7-1ubuntu4.17 |
| upstream | released | 2.4.27 |
| vivid/ubuntu-core | DNE | |
| xenial | released | 2.4.18-2ubuntu3.4 |
| yakkety | ignored | end of life |
CVSS2: 6.4 Medium
CVSS3: 9.1 Critical