SimplerCloud Pte Ltd

News: Security Advisory: Optionsbleed Vulnerability Affecting Apache HTTPD

Published: 21/09/2017

This advisory is provided as a courtesy.

We would like to bring to your attention a vulnerability called "Optionsbleed", which affects all Apache (HTTPD) servers running on most Linux systems, and some on Windows as well.

Impact

The vulnerability allows a remote user to obtain potentially sensitive information by sending a specially crafted HTTP OPTIONS request to trigger a use-after-free memory error.

Affected Systems

All unpatched Apache installations running on both Linux and Windows systems are affected.

How to Fix the Problem

Apache mostly runs on Linux systems. If you are running Apache on your Linux system, you can fix the problem by installing the latest Apache patches provided by your distribution.

- On Ubuntu/Debian systems:

apt-get update
apt-get upgrade

- On CentOS systems:

yum update

Restart the servelet once all the updates have been installed.
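To confirm that the update actually delivered the fix, the following added example (not part of the original advisory) searches the installed Apache package's changelog for CVE-2017-9798, the identifier used in the links under "More information". It assumes the distribution records the CVE id in its package changelog; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify the Optionsbleed fix after patching.
# Assumption: the distribution's package changelog names the CVE id.
CVE_ID="CVE-2017-9798"

# Read a changelog on stdin; print "patched" if it names the CVE as a
# whole word (so a longer id sharing the same prefix does not match).
fix_status() {
    if grep -q -i -w -F -- "$1"; then
        echo "patched"
    else
        echo "not-patched"
    fi
}

# Print the installed Apache package changelog, if one can be found.
apache_changelog() {
    if command -v rpm >/dev/null 2>&1 && rpm -q httpd >/dev/null 2>&1; then
        rpm -q --changelog httpd                        # CentOS
    elif [ -r /usr/share/doc/apache2/changelog.Debian.gz ]; then
        zcat /usr/share/doc/apache2/changelog.Debian.gz # Ubuntu/Debian
    else
        return 1
    fi
}

# Exit status: 0 patched, 1 not patched, 2 no Apache changelog found.
check_apache_fix() {
    log=$(apache_changelog) || { echo "no Apache changelog found"; return 2; }
    status=$(printf '%s\n' "$log" | fix_status "$CVE_ID")
    echo "$CVE_ID: $status"
    [ "$status" = "patched" ]
}

# Run the host check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_apache_fix
fi
```

A patched package on disk is not enough on its own: running Apache processes keep the old code in memory until the restart described above.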

Apache is not installed on Windows systems by default, but if you are running Apache on your Windows system, you are advised to get the latest patches for your Apache and update your system.

More information

https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
https://access.redhat.com/security/cve/CVE-2017-9798
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9798.html
http://www.securitytracker.com/id/1039387

Request Assistance

If you are running Apache on your system, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", OpenSSL, GNU C Library, Poodle SSLV3, Stack Clash, Optionsbleed Vulnerability - $10.

Or please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: yourservelethostname
IP Address: 103.25.202.81
OS Template: CentOS 7.2

Thank you.