CVE-2017-9798

HIGH EXPLOITED RANSOMWARE

Apache httpd <2.4.28 - Use After Free

Title source: llm

Description

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Exploits (8)

nomisec SCANNER 18 stars

by brokensound77 · infoleak

https://github.com/brokensound77/OptionsBleed-POC-Scanner

View Code ZIP pw:eip

nomisec SCANNER 3 stars

by nitrado · local

https://github.com/nitrado/CVE-2017-9798

View Code ZIP pw:eip

nomisec SCANNER 2 stars

by pabloec20 · poc

https://github.com/pabloec20/optionsbleed

View Code ZIP pw:eip

github WORKING POC 1 stars

by vaishakhcv · perlpoc

https://github.com/vaishakhcv/CVE-exploits/tree/master/CVE-2017-9798

View Code ZIP pw:eip

github WORKING POC

by winterwolf32 · perlpoc

https://github.com/winterwolf32/CVE_Exploits-/tree/master/CVE-2017-9798

View Code ZIP pw:eip

nomisec SCANNER

by l0n3rs · local

https://github.com/l0n3rs/CVE-2017-9798

View Code ZIP pw:eip

metasploit SCANNER

by Hanno Böck, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_optionsbleed.rb

View Code ZIP pw:eip

exploitdb SCANNER

by Hanno Bock · pythonwebappslinux

https://www.exploit-db.com/exploits/42745

View Code ZIP pw:eip

References (56)

[Mailing List, VDB Entry] http://openwall.com/lists/oss-security/2017/09/18/2

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3980

[Patch, Third Party Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

[Patch, Third Party Advisory] http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

[Patch, Third Party Advisory] http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

[Patch, Third Party Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100872

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105598

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039387

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2882

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2972

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3018

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3113

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3114

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3193

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3194

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3195

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3239

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3240

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:3475

... and 36 more

Scores

CVSS v3 7.5

EPSS 0.9384

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

VulnCheck KEV 2022-02-22

Ransomware Use Confirmed

Classification

CWE

CWE-416

Status draft

Affected Products (22)

apache/http_server < 2.2.34

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

... and 7 more

Timeline

Published Sep 18, 2017

Tracked Since Feb 18, 2026