CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000118
https://notcve.org/view.php?id=CVE-2017-1000118
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service Akka HTTP en su versión 10.0.5 y anteriores tiene una vulnerabilidad en Illegal Media Range en Accept Header que causa un error de desbordamiento de pila que desemboca en una denegación de servicio (DoS). • https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 97%CPEs: 22EXPL: 6CVE-2017-9798 – Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
https://notcve.org/view.php?id=CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. • https://www.exploit-db.com/exploits/42745 https://github.com/nitrado/CVE-2017-9798 https://github.com/l0n3rs/CVE-2017-9798 http://openwall.com/lists/oss-security/2017/09/18/2 http://www.debian.org/security/2017/dsa-3980 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/securi • CWE-416: Use After Free •
CVSS: 9.1EPSS: 46%CPEs: 34EXPL: 0CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones anteriores a la 2.2.34 y en versiones 2.4.x anteriores a la 2.4.27, el valor placeholder en cabeceras [Proxy-]Authorization del tipo 'Digest' no se inicializó o reinició antes de o entre las asignaciones sucesivas key=value por mod_auth_digest. Proporcionar una clave inicial sin asignación "=" podría reflejar el valor obsoleto de la memoria agrupada no inicializada utilizada por la petición anterior. Esto podría dar lugar al filtrado de información potencialmente confidencial y, en otros casos, a un fallo de segmentación que daría como resultado una denegación de servicio (DoS) It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. • http://www.debian.org/security/2017/dsa-3913 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99569 http://www.securitytracker.com/id/1038906 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2709 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 27%CPEs: 39EXPL: 0CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-7679 – httpd: mod_mime buffer overread
https://notcve.org/view.php?id=CVE-2017-7679
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, mod_mime puede leer un byte más allá del final de un búfer cuando está enviando una cabecera de respuesta del tipo Content maliciosa. A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99170 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •