Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


Release date: 2017-06-23
Updated: 2017-07-17

Affected systems:

Apache Group HTTP Server 2.2.9
Apache Group HTTP Server 2.2.8
Apache Group HTTP Server 2.2.6
Apache Group HTTP Server 2.2.5
Apache Group HTTP Server 2.2.4
Apache Group HTTP Server 2.2.32
Apache Group HTTP Server 2.2.31
Apache Group HTTP Server 2.2.3
Apache Group HTTP Server 2.2.29
Apache Group HTTP Server 2.2.27
Apache Group HTTP Server 2.2.26
Apache Group HTTP Server 2.2.25
Apache Group HTTP Server 2.2.24
Apache Group HTTP Server 2.2.23
Apache Group HTTP Server 2.2.22
Apache Group HTTP Server 2.2.21
Apache Group HTTP Server 2.2.20
Apache Group HTTP Server 2.2.2
Apache Group HTTP Server 2.2.19
Apache Group HTTP Server 2.2.18
Apache Group HTTP Server 2.2.17
Apache Group HTTP Server 2.2.16
Apache Group HTTP Server 2.2.15
Apache Group HTTP Server 2.2.14
Apache Group HTTP Server 2.2.13
Apache Group HTTP Server 2.2.12
Apache Group HTTP Server 2.2.11
Apache Group HTTP Server 2.2.10
Apache Group HTTP Server 2.2.0

Description:


BUGTRAQ  ID: 99569
CVE(CAN) ID: CVE-2017-9788

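Apache HTTP Server is an open-source web server from the Apache Software Foundation.

In certain versions of Apache httpd, the value placeholder in [Proxy-]Authorization headers of type 'Digest' is not initialized or reset before or between successive key=value assignments by mod_auth_digest. If the initial key is supplied without an '=' assignment, the stale value of uninitialized pool memory used by a previous request may be reflected, leading to disclosure of confidential information as well as denial of service.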

<*Source: Robert Swiecki*>
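
The flaw class described above, as an added illustration (not httpd or mod_auth_digest source): a toy key=value parser in C whose value placeholder persists between requests, run without and with a reset before each key. The static buffer, the function names and the sample header strings are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, NOT httpd code: `value` is scratch space that survives between
 * requests, standing in for recycled pool memory. */
static char value[64];

/* Copy the value recorded for `want` out of "k1=v1, k2=v2". reset_value=0
 * models the flaw (placeholder never cleared); 1 models the fix. */
static void parse_digest(const char *hdr, const char *want, int reset_value,
                         char *out, size_t outlen)
{
    char key[32];
    const char *p = hdr;

    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == ',') p++;
        if (!*p) break;
        size_t klen = strcspn(p, "=,");
        snprintf(key, sizeof key, "%.*s", (int)klen, p);
        p += klen;
        if (reset_value) value[0] = '\0';   /* the fix: clear before each key */
        if (*p == '=') {                    /* only a real assignment writes value */
            size_t vlen = strcspn(++p, ",");
            snprintf(value, sizeof value, "%.*s", (int)vlen, p);
            p += vlen;
        }
        if (strcmp(key, want) == 0) snprintf(out, outlen, "%s", value);
    }
}

/* Constructed input: request 1 is well formed, request 2 sends a bare key. */
static const char *second_request_username(int reset_value)
{
    static char out[64];
    char first[64];
    parse_digest("username=alice, response=PRIOR-REQUEST-VALUE", "username",
                 reset_value, first, sizeof first);
    parse_digest("username", "username", reset_value, out, sizeof out);
    return out;
}

int main(void)
{
    printf("no reset:   \"%s\"\n", second_request_username(0));
    printf("with reset: \"%s\"\n", second_request_username(1));
    return 0;
}
```

Without the reset, the second request's bare key picks up the value left behind by the first request; with the reset it resolves to an empty string.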

Recommendation:


Vendor patch:

Apache Group
------------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

https://httpd.apache.org/security/vulnerabilities_22.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E
