BSA-2017-377

Brocade Fabric OS

2 more products

21668

20 September 2018

25 August 2017

Closed

High

7.4

N/A

CVE-2017-9788

Summary

Security Advisory ID : BSA-2017-377

Component : Apache HTTPD

Revision : 3.0: Final

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

Products Confirmed Not Vulnerable

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Revision History

Version Change Date
1.0 Initial Publication August 25, 2017
2.0 Updated to address BNA & WC October 27, 2017
3.0 Updated to reflect Fibre Channel Only September 20, 2018