• Home
  • Archive
  • Tools
  • Contact Us
  • Forum

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
The Customize Windows > Computer and Internet > Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

By Abhishek Ghosh September 24, 2017 5:59 pm Updated on September 24, 2017

Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

Advertisement

Possibly most of the users are already aware, yet we may have our readers who are yet not aware of Optionsbleed. Optionsbleed (CVE-2017-9798) is a minor bug of Apache Web Server which may reveal password like data. Users are advised to update to patch. The bug was identified by a freelance journalist H. Böck in 2014 but has only received importance these days and in a dedicated update it has been patched in most repositories. The vulnerability, can be triggered by sending an “OPTIONS” request to the target server, usually used by users to determine which HTTP requests are supported by the server. Under certain conditions, however, the web server may attach the memory data to the response. It should be pointed out that Optionsbleed is no way closest to major matter like Heartbleed, under certain circumstances the Optionsbleed vulnerability can lead to leak of random information (including password). Optionsbleed does not represent a serious threat as only 466 sites in the Top 1 Million Alexa seem to be vulnerable.

However, it is still a pretty bad bug, especially for shared hosting environments as they allow each of the “guests” to capture (or at least they can try to do) the information of other users.

Optionsbleed (CVE-2017-9798) - Apache Web Server Memory Leak Bug
Advertisement

---

 

Optionsbleed (CVE-2017-9798) : Details & Patch

 

Affected Versions are Apache Web Server 2.2.34 and prior, Apache Web Server 2.4.x through 2.4.27. These conditions relate to the usage of the “Limit” option in .htaccess file, the bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method :

Vim
1
2
3
<Limit I-Do-Not-Know>
Deny me, you, whatever
</Limit>

Obviously the case will be very less prevalent. Most importantly for virtual servers and dedicated servers, Apache official website does not recommend using .htaccess file over the main settings file for better performance.

This bug can be triggered on an Apache Web Server hosting multiple websites on the same web server, and the Limit setting of the webserver’s .htaccess file contains the same HTTP method as any of the individual web site’s .htaccess file being hosted by that server or on any Apache Web Server, regardless of the number of hosted websites, if a non-existent or invalid method is included in the Limit setting of the .htaccess file. Here are some official sources and the patch :

Vim
1
2
3
4
5
6
7
8
https://nakedsecurity.sophos.com/2017/09/19/apache-optionsbleed-vulnerability-what-you-need-to-know/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
https://www.safecomputing.umich.edu/security-alerts/patch-apache-web-servers-optionsbleed-vulnerability
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://www.cisecurity.org/optionsbleed-vulnerability-for-apache-web-servers/
https://support.plesk.com/hc/en-us/articles/115002176913-CVE-2017-9798-Optionsbleed-Apache-memory-leak
https://github.com/hannob/optionsbleed
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch

Tagged With CVE-2017-9798 , how to check apache memory leak vulnerability , Installing CVE-2017-9798-patch-2 4 patch windows

This Article Has Been Shared 533 Times!

Facebook Twitter Google+ Pinterest

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep touch with him on Google Plus - Abhishek Ghosh1 and on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug

  • How To Perform Security Audits On Ubuntu 16.04 (With Lynis)

    Here Is How To Perform Security Audits On Ubuntu 16.04 With Lynis And Other Tools Which Are Appropriate On Cloud Server’s Shared Environment.

  • List of Free Project Hosting and Code Hosting For The Developers

    List of Free Project Hosting and Code Hosting is mainly intended for the Developers of Free Software and Open Source Projects. This is handy tool plus guide.

  • Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance

    Damn Small Linux Plus XAMPP to Create WordPress Virtual Appliance has advantages with a footprint of less than 100MB in size, you can upgrade to Debian later.

  • Installing Guacamole Browser VNC on Rackspace Cloud Server

    Installing Guacamole Browser VNC on Rackspace Cloud Server is actually not very difficult. You can install easily to enable a VNC Server as remote desktop.

  • Nano Text Editor Tips & Tricks

    Here Are Some Tips & Tricks for (Mac) OS X and GNU/Linux Nano Text Editor Including Shortcuts, Line Numbers, Going to Line Number etc. Basic Things.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Google+ or Twitter to join the conversation right now!

If you want to Advertise on our Article or want Business Partnership, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

You can subscribe to our Free Once a Day, Regular Newsletter by clicking the subscribe button below.

Click To Subscribe Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Google+ (13.7k Followers)
  • Pinterest (11.4K Followers)
  • Twitter (4.7k Followers)
  • Facebook (4.9k Followers)
  • LinkedIn (3.2k Followers)
  • YouTube (1.5k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • WROOM ESP32 Example Codes For IBM Watson IoT Platform February 22, 2019
  • Getting Started With IBM Cloud IoT (Watson IoT Platform) February 22, 2019
  • ESP WROOM 32 : How To Setup ESP32 NodeMCU With Arduino IDE February 21, 2019
  • Arduino, NodeMCU ECG : AD8232 Single Lead ECG Module February 21, 2019
  • WiFi With Arduino For IoT : ESP8266, ESP32, NodeMCU, Adafruit Feather February 20, 2019

About This Article

Title: Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug
2017-09-24

Author: Abhishek Ghosh
Subjects: Computer and Internet

Is Part Of:


TheCustomizeWindows,

Sunday, September 24th, 2017,
Vol.1(01),
p.1–51593 [IoT Ready Journal]


Source:The Customize Windows
ISSN: 0019-5847 ;
E-ISSN: 0019-5847 ;
Publisher:
jima.in

Cite this article as: Abhishek Ghosh, "Optionsbleed (CVE-2017-9798) : Apache Web Server Memory Leak Bug," in The Customize Windows, September 24, 2017, February 23, 2019, https://thecustomizewindows.com/2017/09/optionsbleed-cve-2017-9798-apache-web-server-memory-leak-bug/.

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Cookie Policy.


PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

web analysis

Copyright © 2019 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy