Home CVE Database CVE-2017-9788

CVE-2017-9788

Description

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \'Digest\' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \'=\' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Priority: Medium
CVSS v3: 9.1
Publish Date: Jul 13, 2017
Related ID: --
CVSS v2: Critical
Modified Date: Jul 21, 2017

Find out more about CVE-2017-9788 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

apache2

Live chat
Online