This advisory is provided as a courtesy.
We would like to bring to your attention on a vulnerability called "Optionsbleed", which affects all Apache (HTTPD) server running on most Linux systems, and some on Windows as well.
The vulnerability allows a remote user to obtain potentially sensitive information by sending a specially crafted HTTP OPTIONS request to trigger a use-after-free memory error.
All unpatched Apache running on both Linux and Windows systems are affected.
How to Fix the Problem
Apache mostly runs on Linux systems. If you are running Apache on your Linux system, you may fix the problem by isntalling the latest patches for Apache provided by the distributions.
- On Ubuntu/Debian system:
- On CentOS system:
Restart the servelet once all the updates have been installed.
Apache is not installed on Windows system by default, but if you are running Apache on your Windows system, you are advised to get the latest patches for your Apache and update your system.
If you are running Apache on your system, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", OpenSSL, GNU C Library, Poodle SSLV3, Stack Clash, Optionsbleed Vulnerability - $10.
Or please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.
IP Address: 126.96.36.199
OS Template: CentOS 7.2