On September 18, 2017, the high-risk vulnerability CVE-2017-9798 was detected in Apache. The vulnerability was detected in Apache HTTP 2.2.34 and 2.4.27, and triggered by the ap_limit_section function in the “Limit” instruction. The memory information leaks when the website administrator attempts to use invalid HTTP methods to send HTTP requests in the “Limit” instruction.
See the following for more information about the vulnerability.
“Optionsbleed” - Apache HTTP OPTIONS memory leakage vulnerability
In Apache HTTP 2.2.34 and 2.4.27, a vulnerability is detected in the ap_limit_section function in the “Limit” instruction. This results in memory data leakage when an invalid HTTP method is requested.
Condition and method of exploitation
Apache httpd <= 2.2.34/2.4.27
Check whether any affected version of Apache is used.
How to fix or mitigate
Linux vendors have released the latest version. We recommend that you upgrade to the latest version.