Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
RedHat Update for httpd RHSA-2017:2972-01
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.
Insight
Insight
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Bck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.
Affected Software
Affected Software
httpd on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Please Install the Updated Packages.