BSA-2017-377
21668
20 September 2018
25 August 2017
Closed
High
7.4
N/A
CVE-2017-9788
Summary
Security Advisory ID : BSA-2017-377
Component : Apache HTTPD
Revision : 3.0: Final
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
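The parsing flaw described above, as a simplified C model added here (not Apache httpd or mod_auth_digest source): a static buffer stands in for recycled pool memory, and the function names, the `reset` flag and the sample headers are assumptions constructed for illustration. It models only the stale-value reflection, not the segfault case.

```c
#include <stdio.h>
#include <string.h>

#define BUF 64

/* Scratch value buffer reused across requests; stands in for recycled pool memory. */
static char value[BUF];

/* Parse "key[=value], ..." and copy the value paired with `want` into out.
 * reset == 0 models the flaw, reset == 1 the hardened parser. */
static void lookup(const char *hdr, const char *want, int reset, char *out)
{
    char key[BUF];
    const char *p = hdr;

    out[0] = '\0';
    while (*p) {
        size_t k = 0, v = 0;
        while (*p == ' ' || *p == ',') p++;
        while (*p && *p != '=' && *p != ',' && k < BUF - 1) key[k++] = *p++;
        key[k] = '\0';
        if (reset) value[0] = '\0';        /* hardening: clear before every pair */
        if (*p == '=') {
            p++;
            while (*p && *p != ',' && v < BUF - 1) value[v++] = *p++;
            value[v] = '\0';
        }
        if (strcmp(key, want) == 0) strcpy(out, value);
    }
}

/* Returns 1 if request 2 (a bare key) is handed request 1's value. */
static int leaks_stale_value(int reset)
{
    char out[BUF];
    /* Constructed sample headers, not captured traffic. */
    lookup("username=alice, response=constructed-secret", "response", reset, out);
    lookup("username", "username", reset, out);
    return strcmp(out, "constructed-secret") == 0;
}

int main(void)
{
    printf("unreset parser leaks: %d\n", leaks_stale_value(0));
    printf("reset parser leaks:   %d\n", leaks_stale_value(1));
    return 0;
}
```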
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | August 25, 2017 |
2.0 | Updated to address BNA & WC | October 27, 2017 |
3.0 | Updated to reflect Fibre Channel Only | September 20, 2018 |