Main Vulnerability Database SB2017080112

SB2017080112 - Ubuntu update for Apache HTTP Server

Published: August 1, 2017 Updated: August 4, 2017

Security Bulletin ID SB2017080112

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2017-9788)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the targeted system.

The weakness exists due to improper initialization of the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. A remote attacker can provide an initial key with no '=' assignment to cause the stale value of uninitialized pool memory used by the prior request to leak.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3370-2/