CVE-2017-9788 vulnerability in Apache and Other Products
Published on July 13, 2017

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
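
A defensive check for the malformed header described above, as an added example that is not part of the advisory or of Apache httpd: it lists Digest parameters that carry no '=' assignment in Authorization and Proxy-Authorization values. The function names and the sample requests are assumptions constructed for illustration.

```python
import re

# One parameter: a key, optionally "=" plus a quoted-string or bare value,
# terminated by a comma or by the end of the header value.
_PARAM = re.compile(
    r'\s*([^\s=,"]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^\s,]*))?\s*(?:,|$)')

AUTH_HEADERS = ("authorization", "proxy-authorization")

def bare_digest_keys(header_value):
    """Return the keys of a Digest credential list that have no '=' assignment."""
    parts = header_value.split(None, 1)
    if not parts or parts[0].lower() != "digest":
        return []                      # other schemes are out of scope
    params = parts[1] if len(parts) > 1 else ""
    bare, pos = [], 0
    while pos < len(params):
        m = _PARAM.match(params, pos)
        if m is None:
            break                      # unparseable remainder, stop scanning
        if m.group(2) is None:         # key present, no "=value" part
            bare.append(m.group(1))
        pos = m.end()
    return bare

def flag_request(headers):
    """Map each auth header name to its bare Digest keys (empty dict = clean)."""
    hits = {}
    for name, value in headers.items():
        if name.lower() in AUTH_HEADERS:
            bare = bare_digest_keys(value)
            if bare:
                hits[name] = bare
    return hits

# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    {"Host": "example.test",
     "Authorization": 'Digest username="alice", realm="r", nonce="abc", '
                      'uri="/a,b", response="00"'},
    {"Host": "example.test", "Authorization": "Digest nonce"},
    {"Host": "example.test", "Proxy-Authorization": 'Digest x, realm="r"'},
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(flag_request(request))
```

A non-empty result marks a request worth logging or rejecting at a proxy in front of unpatched servers; the fix itself is upgrading to 2.2.34 or 2.4.27.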



Products Associated with CVE-2017-9788


Affected Versions

Apache Software Foundation Apache HTTP Server:

Exploit Probability

EPSS: 52.64%
Percentile: 97.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.