VDB

GCVE-VVD-MAGEIA-2017-298

GCVE-VVD-MAGEIA-2017-298
Advisory Published
Vulnetix · Advisory published August 24, 2017
In Apache httpd before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service (CVE-2017-9788). When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behavior (CVE-2017-9789).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaapache0 (affected), 2.4.27-1.mga6 (unaffected)

Aliases

CVE-2017-9789

Transitive aliases

GHSA-p7q7-pxmj-xgvjEUVD-2017-18717

References

Updated apache packages fix security vulnerabilities
advisory
Updated apache packages fix security vulnerabilities
issue
Updated apache packages fix security vulnerabilities
issue
Updated apache packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›