CVE-2017-9798

Public on 2017-09-18
Modified on 2017-09-18
Description
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
Severity
Medium
CVSS v3 Base Score
5.9
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 httpd 2017-09-18 15:32 ALAS-2017-896
Amazon Linux 1 httpd24 2017-09-18 15:32 ALAS-2017-896

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N