First published: Wed Oct 11 2017(Updated: )
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)</li> Red Hat would like to thank Hanno Böck for reporting this issue.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/httpd | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-debuginfo | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-devel | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-manual | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-tools | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-debuginfo | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-devel | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-tools | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-debuginfo | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-devel | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
redhat/httpd-tools | <2.4.6-67.el7_4.5 | 2.4.6-67.el7_4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.