PT-2017-19188 · Apache+2 · Apache Httpd+3

Published

2017-07-11

Updated

2021-06-06

CVE-2017-9789

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache httpd version 2.4.26

Description The HTTP/2 handling code in Apache httpd sometimes accesses memory after it has been freed when under stress and closing many connections, resulting in potentially erratic behaviour.

Recommendations For Apache httpd version 2.4.26, consider updating to a newer version to mitigate the risk of erratic behaviour due to memory access issues. As a temporary workaround, consider restricting the number of concurrent connections to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2017-1930

CVE-2017-9789

MGASA-2017-0298

SUSE-SU-2018:0261-1

Affected Products

Alt Linux

Apache Http Server

Apache Httpd

Suse

PT-2017-19188 · Apache+2 · Apache Httpd+3

CVE-2017-9789

Weakness Enumeration

Related Identifiers

Affected Products

References · 47