Apache HTTP Server 内存破坏漏洞(CVE-2017-9788)
Apache HTTP Server 内存破坏漏洞(CVE-2017-9788)
发布日期:2017-06-23
更新日期:2017-07-17
受影响系统:
Apache Group HTTP Server 2.2.8
Apache Group HTTP Server 2.2.6
Apache Group HTTP Server 2.2.5
Apache Group HTTP Server 2.2.4
Apache Group HTTP Server 2.2.32
Apache Group HTTP Server 2.2.31
Apache Group HTTP Server 2.2.3
Apache Group HTTP Server 2.2.29
Apache Group HTTP Server 2.2.27
Apache Group HTTP Server 2.2.26
Apache Group HTTP Server 2.2.25
Apache Group HTTP Server 2.2.24
Apache Group HTTP Server 2.2.23
Apache Group HTTP Server 2.2.22
Apache Group HTTP Server 2.2.21
Apache Group HTTP Server 2.2.20
Apache Group HTTP Server 2.2.2
Apache Group HTTP Server 2.2.19
Apache Group HTTP Server 2.2.18
Apache Group HTTP Server 2.2.17
Apache Group HTTP Server 2.2.16
Apache Group HTTP Server 2.2.15
Apache Group HTTP Server 2.2.14
Apache Group HTTP Server 2.2.13
Apache Group HTTP Server 2.2.12
Apache Group HTTP Server 2.2.11
Apache Group HTTP Server 2.2.10
Apache Group HTTP Server 2.2.0
描述:
BUGTRAQ ID: 99569
CVE(CAN) ID: CVE-2017-9788
Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器。
Apache httpd 某些版本,在mod_auth_digest连续分配key=value之前或之间,类型'Digest'的Proxy-]Authorization标头值占位符未被初始化或重置。若给初始健未分配'=',则可能反映出之前请求使用的未初始化内存池旧值,导致机密信息泄露,以及拒绝服务等。
<*来源:Robert Swiecki ([email protected])
*>
建议:
厂商补丁:
Apache Group
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://httpd.apache.org/security/vulnerabilities_22.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E
更多Apache相关教程见以下内容:
相关推荐
loveyy 2020-07-05
itmale 2020-06-21
Kafka 2020-09-18
Wepe0 2020-10-30
杜倩 2020-10-29
windle 2020-10-29
minerd 2020-10-28
mengzuchao 2020-10-22
Junzizhiai 2020-10-10
bxqybxqy 2020-09-30
风之沙城 2020-09-24
kingszelda 2020-09-22
大唐帝国前营 2020-08-18
yixu0 2020-08-17
TangCuYu 2020-08-15
xiaoboliu00 2020-08-15
songshijiazuaa 2020-08-15
xclxcl 2020-08-03
zmzmmf 2020-08-03