CVE-2017-9788

Current Description

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Basic Data

Published: July 13, 2017
Last Modified: August 15, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.4
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: NONE
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 9.1
CVSS 3 - Base Severity: CRITICAL
Exploitability Score: 3.9
Base Severity: CRITICAL

Configurations

All entries are CPE version 2.3. The Update, Edition, Language, SW Edition, Target HW and Other fields are * (any) for every row and are omitted from the tables below; "n/a" in the Version range column means no range bound is recorded.

  • OR - Configuration 1
    Part | Vendor | Product | Version | Target SW | Version range
    Application | Apache | Http Server | * | * | 2.2.33 and earlier (Version End Including 2.2.33)
    Application | Apache | Http Server | * | * | 2.4.0 through 2.4.26 (Version Start Including 2.4.0, Version End Including 2.4.26)
  • OR - Configuration 2
    Part | Vendor | Product | Version | Target SW | Version range
    OS | Debian | Debian Linux | 8.0 | * | n/a
    OS | Debian | Debian Linux | 9.0 | * | n/a
  • OR - Configuration 3
    Part | Vendor | Product | Version | Target SW | Version range
    OS | Apple | Mac Os X | * | * | up to 10.13.1
  • OR - Configuration 4
    Part | Vendor | Product | Version | Target SW | Version range
    Application | Netapp | Oncommand Unified Manager | - | 7-mode | n/a
    Application | Netapp | Storage Automation Store | - | * | n/a
  • OR - Configuration 5
    Part | Vendor | Product | Version | Target SW | Version range
    OS | Redhat | Enterprise Linux Desktop | 6.0 | * | n/a
    OS | Redhat | Enterprise Linux Desktop | 7.0 | * | n/a
    OS | Redhat | Enterprise Linux Server | 6.0 | * | n/a
    OS | Redhat | Enterprise Linux Server | 7.0 | * | n/a
    OS | Redhat | Enterprise Linux Server Aus | 7.2 | * | n/a
    OS | Redhat | Enterprise Linux Server Aus | 7.3 | * | n/a
    OS | Redhat | Enterprise Linux Server Aus | 7.4 | * | n/a
    OS | Redhat | Enterprise Linux Server Aus | 7.6 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 6.7 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 7.2 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 7.3 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 7.4 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 7.5 | * | n/a
    OS | Redhat | Enterprise Linux Server Eus | 7.6 | * | n/a
    OS | Redhat | Enterprise Linux Server Tus | 7.2 | * | n/a
    OS | Redhat | Enterprise Linux Server Tus | 7.3 | * | n/a
    OS | Redhat | Enterprise Linux Server Tus | 7.4 | * | n/a
    OS | Redhat | Enterprise Linux Server Tus | 7.6 | * | n/a
    OS | Redhat | Enterprise Linux Workstation | 6.0 | * | n/a
    OS | Redhat | Enterprise Linux Workstation | 7.0 | * | n/a
  • AND
    • OR - Configuration 6
      Part | Vendor | Product | Version | Target SW | Version range
      Application | Redhat | Jboss Core Services | 1.0 | * | n/a
      Application | Redhat | Jboss Enterprise Application Platform | 6.0.0 | * | n/a
      Application | Redhat | Jboss Enterprise Application Platform | 6.4.0 | * | n/a
      Application | Redhat | Jboss Enterprise Web Server | 2.0.0 | * | n/a
    • OR Running on/with:
      Part | Vendor | Product | Version | Target SW | Version range
      OS | Redhat | Enterprise Linux | 6.0 | * | n/a
      OS | Redhat | Enterprise Linux | 7.0 | * | n/a
  • OR - Configuration 7
    Part | Vendor | Product | Version | Target SW | Version range
    Application | Oracle | Secure Global Desktop | 5.3 | * | n/a

Vulnerable Software List

Vendor | Product | Versions
Apple | Mac Os X | *
Debian | Debian Linux | 8.0, 9.0
Apache | Http Server | *
Redhat | Enterprise Linux Workstation | 6.0, 7.0
Redhat | Jboss Core Services | 1.0
Redhat | Jboss Enterprise Application Platform | 6.0.0, 6.4.0
Redhat | Enterprise Linux Desktop | 6.0, 7.0
Redhat | Enterprise Linux Server Aus | 7.2, 7.3, 7.4, 7.6
Redhat | Jboss Enterprise Web Server | 2.0.0
Redhat | Enterprise Linux Server Tus | 7.2, 7.3, 7.4, 7.6
Redhat | Enterprise Linux Server Eus | 6.7, 7.2, 7.3, 7.4, 7.5, 7.6
Redhat | Enterprise Linux Server | 6.0, 7.0
Netapp | Storage Automation Store | -
Netapp | Oncommand Unified Manager | -
Oracle | Secure Global Desktop | 5.3

References

Each entry is given as Name: URL (Source; Tags). Where the name is the URL itself, it is listed once.

DSA-3913: http://www.debian.org/security/2017/dsa-3913 (DEBIAN; Third Party Advisory)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html (CONFIRM; Patch, Third Party Advisory)
99569: http://www.securityfocus.com/bid/99569 (BID; Third Party Advisory, VDB Entry)
1038906: http://www.securitytracker.com/id/1038906 (SECTRACK; Third Party Advisory, VDB Entry)
RHSA-2017:2478: https://access.redhat.com/errata/RHSA-2017:2478 (REDHAT; Third Party Advisory)
RHSA-2017:2479: https://access.redhat.com/errata/RHSA-2017:2479 (REDHAT; Third Party Advisory)
RHSA-2017:2483: https://access.redhat.com/errata/RHSA-2017:2483 (REDHAT; Third Party Advisory)
RHSA-2017:2708: https://access.redhat.com/errata/RHSA-2017:2708 (REDHAT; Third Party Advisory)
RHSA-2017:2709: https://access.redhat.com/errata/RHSA-2017:2709 (REDHAT; Third Party Advisory)
RHSA-2017:2710: https://access.redhat.com/errata/RHSA-2017:2710 (REDHAT; Third Party Advisory)
RHSA-2017:3113: https://access.redhat.com/errata/RHSA-2017:3113 (REDHAT; Third Party Advisory)
RHSA-2017:3114: https://access.redhat.com/errata/RHSA-2017:3114 (REDHAT; Third Party Advisory)
RHSA-2017:3193: https://access.redhat.com/errata/RHSA-2017:3193 (REDHAT; Third Party Advisory)
RHSA-2017:3194: https://access.redhat.com/errata/RHSA-2017:3194 (REDHAT; Third Party Advisory)
RHSA-2017:3195: https://access.redhat.com/errata/RHSA-2017:3195 (REDHAT; Third Party Advisory)
RHSA-2017:3239: https://access.redhat.com/errata/RHSA-2017:3239 (REDHAT; Third Party Advisory)
RHSA-2017:3240: https://access.redhat.com/errata/RHSA-2017:3240 (REDHAT; Third Party Advisory)
https://httpd.apache.org/security/vulnerabilities_22.html (CONFIRM; Vendor Advisory)
https://httpd.apache.org/security/vulnerabilities_24.html (CONFIRM; Vendor Advisory)
[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest: https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cann (MLIST; Mailing List, Mitigation, Vendor Advisory)
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs (MLIST)
[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs (MLIST)
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs (MLIST)
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs (MLIST)
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccv (MLIST)
[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccv (MLIST)
[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccv (MLIST)
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccv (MLIST)
GLSA-201710-32: https://security.gentoo.org/glsa/201710-32 (GENTOO; Third Party Advisory)
https://security.netapp.com/advisory/ntap-20170911-0002/ (CONFIRM; Third Party Advisory)
https://support.apple.com/HT208221 (CONFIRM; Third Party Advisory)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us (CONFIRM; Third Party Advisory)
https://www.tenable.com/security/tns-2019-09 (CONFIRM)