PT-2017-19188 · Apache+2 · Apache Httpd+3

Publicado

2017-07-11

Atualizado

2021-06-06

CVE-2017-9789

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache httpd version 2.4.26

Description The HTTP/2 handling code in Apache httpd sometimes accesses memory after it has been freed when under stress and closing many connections, resulting in potentially erratic behaviour.

Recommendations For Apache httpd version 2.4.26, consider updating to a newer version to mitigate the risk of erratic behaviour due to memory access issues. As a temporary workaround, consider restricting the number of concurrent connections to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2017-1930

CVE-2017-9789

MGASA-2017-0298

SUSE-SU-2018:0261-1

Produtos afetados

Alt Linux

Apache Http Server

Apache Httpd

Suse

PT-2017-19188 · Apache+2 · Apache Httpd+3

CVE-2017-9789

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 47