• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

By Abhishek Ghosh September 24, 2017 5:59 pm Updated on September 24, 2017

Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

Advertisement

Possibly most of the users are already aware, yet we may have our readers who are yet not aware of Optionsbleed. Optionsbleed (CVE-2017-9798) is a minor bug of Apache Web Server which may reveal password like data. Users are advised to update to patch. The bug was identified by a freelance journalist H. Böck in 2014 but has only received importance these days and in a dedicated update it has been patched in most repositories. The vulnerability, can be triggered by sending an “OPTIONS” request to the target server, usually used by users to determine which HTTP requests are supported by the server. Under certain conditions, however, the web server may attach the memory data to the response. It should be pointed out that Optionsbleed is no way closest to major matter like Heartbleed, under certain circumstances the Optionsbleed vulnerability can lead to leak of random information (including password). Optionsbleed does not represent a serious threat as only 466 sites in the Top 1 Million Alexa seem to be vulnerable.

However, it is still a pretty bad bug, especially for shared hosting environments as they allow each of the “guests” to capture (or at least they can try to do) the information of other users.

Optionsbleed (CVE-2017-9798) - Apache Web Server Memory Leak Bug

 

Optionsbleed (CVE-2017-9798) : Details & Patch

 

Affected Versions are Apache Web Server 2.2.34 and prior, Apache Web Server 2.4.x through 2.4.27. These conditions relate to the usage of the “Limit” option in .htaccess file, the bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method :

Advertisement

---

Vim
1
2
3
<Limit I-Do-Not-Know>
Deny me, you, whatever
</Limit>

Obviously the case will be very less prevalent. Most importantly for virtual servers and dedicated servers, Apache official website does not recommend using .htaccess file over the main settings file for better performance.

This bug can be triggered on an Apache Web Server hosting multiple websites on the same web server, and the Limit setting of the webserver’s .htaccess file contains the same HTTP method as any of the individual web site’s .htaccess file being hosted by that server or on any Apache Web Server, regardless of the number of hosted websites, if a non-existent or invalid method is included in the Limit setting of the .htaccess file. Here are some official sources and the patch :

Vim
1
2
3
4
5
6
7
8
https://nakedsecurity.sophos.com/2017/09/19/apache-optionsbleed-vulnerability-what-you-need-to-know/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
https://www.safecomputing.umich.edu/security-alerts/patch-apache-web-servers-optionsbleed-vulnerability
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://www.cisecurity.org/optionsbleed-vulnerability-for-apache-web-servers/
https://support.plesk.com/hc/en-us/articles/115002176913-CVE-2017-9798-Optionsbleed-Apache-memory-leak
https://github.com/hannob/optionsbleed
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch

Tagged With CVE-2017-9798 , how to check apache memory leak vulnerability , Installing CVE-2017-9798-patch-2 4 patch windows , is microsoft affected by CVE-2017-9798

This Article Has Been Shared 420 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

  • How To Perform Security Audits On Ubuntu 16.04 (With Lynis)

    Here Is How To Perform Security Audits On Ubuntu 16.04 With Lynis And Other Tools Which Are Appropriate On Cloud Server’s Shared Environment.

  • List of Free Project Hosting and Code Hosting For The Developers

    List of Free Project Hosting and Code Hosting is mainly intended for the Developers of Free Software and Open Source Projects. This is handy tool plus guide.

  • Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance

    Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance has advantages with a footprint of less than 100MB in size, you can upgrade to Debian later.

  • Installing Guacamole Browser VNC on Rackspace Cloud Server

    Installing Guacamole Browser VNC on Rackspace Cloud Server is actually not very difficult. You can install easily to enable a VNC Server as remote desktop.

  • Nano Text Editor Tips & Tricks

    Here Are Some Tips & Tricks for (Mac) OS X and GNU/Linux Nano Text Editor Including Shortcuts, Line Numbers, Going to Line Number etc. Basic Things.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • FaaS Versus PaaS Deployment: What You Should Know May 18, 2022
  • What Is A Digital Media Consultancy? May 17, 2022
  • How Artificial Intelligence (AI) Is Changing The Way We Play Bingo May 16, 2022
  • Why You Need A Big Data Consultant May 15, 2022
  • The Connection Between AI And Online Slots May 13, 2022

About This Article

Cite this article as: Abhishek Ghosh, "Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug," in The Customize Windows, September 24, 2017, May 20, 2022, https://thecustomizewindows.com/2017/09/optionsbleed-cve-2017-9798-apache-web-server-memory-leak-bug/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy