• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

By Abhishek Ghosh September 24, 2017 5:59 pm Updated on September 24, 2017

Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

Advertisement

Possibly most of the users are already aware, yet we may have our readers who are yet not aware of Optionsbleed. Optionsbleed (CVE-2017-9798) is a minor bug of Apache Web Server which may reveal password like data. Users are advised to update to patch. The bug was identified by a freelance journalist H. Böck in 2014 but has only received importance these days and in a dedicated update it has been patched in most repositories. The vulnerability, can be triggered by sending an “OPTIONS” request to the target server, usually used by users to determine which HTTP requests are supported by the server. Under certain conditions, however, the web server may attach the memory data to the response. It should be pointed out that Optionsbleed is no way closest to major matter like Heartbleed, under certain circumstances the Optionsbleed vulnerability can lead to leak of random information (including password). Optionsbleed does not represent a serious threat as only 466 sites in the Top 1 Million Alexa seem to be vulnerable.

However, it is still a pretty bad bug, especially for shared hosting environments as they allow each of the “guests” to capture (or at least they can try to do) the information of other users.

Optionsbleed (CVE-2017-9798) - Apache Web Server Memory Leak Bug

 

Optionsbleed (CVE-2017-9798) : Details & Patch

 

Affected Versions are Apache Web Server 2.2.34 and prior, Apache Web Server 2.4.x through 2.4.27. These conditions relate to the usage of the “Limit” option in .htaccess file, the bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method :

Advertisement

---

Vim
1
2
3
<Limit I-Do-Not-Know>
Deny me, you, whatever
</Limit>

Obviously the case will be very less prevalent. Most importantly for virtual servers and dedicated servers, Apache official website does not recommend using .htaccess file over the main settings file for better performance.

This bug can be triggered on an Apache Web Server hosting multiple websites on the same web server, and the Limit setting of the webserver’s .htaccess file contains the same HTTP method as any of the individual web site’s .htaccess file being hosted by that server or on any Apache Web Server, regardless of the number of hosted websites, if a non-existent or invalid method is included in the Limit setting of the .htaccess file. Here are some official sources and the patch :

Vim
1
2
3
4
5
6
7
8
https://nakedsecurity.sophos.com/2017/09/19/apache-optionsbleed-vulnerability-what-you-need-to-know/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
https://www.safecomputing.umich.edu/security-alerts/patch-apache-web-servers-optionsbleed-vulnerability
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://www.cisecurity.org/optionsbleed-vulnerability-for-apache-web-servers/
https://support.plesk.com/hc/en-us/articles/115002176913-CVE-2017-9798-Optionsbleed-Apache-memory-leak
https://github.com/hannob/optionsbleed
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch

Tagged With CVE-2017-9798 , how to check apache memory leak vulnerability , Installing CVE-2017-9798-patch-2 4 patch windows , is microsoft affected by CVE-2017-9798

This Article Has Been Shared 387 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

  • How To Perform Security Audits On Ubuntu 16.04 (With Lynis)

    Here Is How To Perform Security Audits On Ubuntu 16.04 With Lynis And Other Tools Which Are Appropriate On Cloud Server’s Shared Environment.

  • List of Free Project Hosting and Code Hosting For The Developers

    List of Free Project Hosting and Code Hosting is mainly intended for the Developers of Free Software and Open Source Projects. This is handy tool plus guide.

  • Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance

    Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance has advantages with a footprint of less than 100MB in size, you can upgrade to Debian later.

  • Installing Guacamole Browser VNC on Rackspace Cloud Server

    Installing Guacamole Browser VNC on Rackspace Cloud Server is actually not very difficult. You can install easily to enable a VNC Server as remote desktop.

  • Nano Text Editor Tips & Tricks

    Here Are Some Tips & Tricks for (Mac) OS X and GNU/Linux Nano Text Editor Including Shortcuts, Line Numbers, Going to Line Number etc. Basic Things.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Cyberpunk Aesthetics: What’s in it Special January 27, 2023
  • How to Do Electrical Layout Plan for Adding Smart Switches January 26, 2023
  • What is a Data Mesh? January 25, 2023
  • What is Vehicular Ad-Hoc Network? January 24, 2023
  • Difference Between Panel Light, COB Light, Track Light January 21, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug," in The Customize Windows, September 24, 2017, January 29, 2023, https://thecustomizewindows.com/2017/09/optionsbleed-cve-2017-9798-apache-web-server-memory-leak-bug/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT