CVEID: CVE-2017-9798**
DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Smart Cloud Entry 2.4, 3.1, and 3.2

Remediation/Fixes

Product

For all IBM Smart Cloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189. For information about the latest release of IBM Cloud Manager for Openstack, please see** **http://www-01.ibm.com/support/docview.wss?uid=isg400003605

Workarounds and Mitigations

None

checkpoint_advisories 2

openvas 25

f5 1

nessus 51

redhat 13

hackerone 1

ibm 19

prion 1

ubuntu 2

osv 4

httpd 2

altlinux 3

veracode 1

centos 2

packetstorm 1

metasploit 1

fedora 3

ubuntucve 1

mageia 2

archlinux 1

alpinelinux 1

amazon 1

debian 3

exploitpack 1

nvd 1

debiancve 1

cvelist 1

exploitdb 1

cve 1

freebsd 1

oraclelinux 2

slackware 1

redhatcve 1

zdt 1

seebug 1

attackerkb 1

photon 1

trendmicroblog 1

avleonov 1

gentoo 1

suse 1

symantec 1

kitploit 1

apple 2

oracle 6

checkpoint_advisories

Apache HTTP Optionsbleed Memory Leak (CVE-2017-9798)

2017-09-18 00:00:00

Apache HTTP OptionsBleed Memory Leak Scanner (CVE-2017-9798)

2017-10-15 00:00:00

openvas

Fedora Update for httpd FEDORA-2017-a52f252521

2017-09-28 00:00:00

Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed) - Version Check

2017-10-11 00:00:00

Slackware: Security Advisory (SSA:2017-261-01)

2022-04-21 00:00:00

K70084351 : Apache HTTPD vulnerability CVE-2017-9798

2017-09-19 00:00:00

nessus

Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerability (USN-3425-1)

2017-09-20 00:00:00

RHEL 6 / 7 : httpd24 (RHSA-2017:3018)

2024-04-27 00:00:00

Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)

2017-10-13 00:00:00

redhat

(RHSA-2017:3018) Moderate: httpd24 security, bug fix, and enhancement update

2017-10-24 08:16:35

(RHSA-2017:2882) Moderate: httpd security update

2017-10-11 15:17:48

(RHSA-2017:2972) Moderate: httpd security update

2017-10-19 14:54:11

hackerone

Internet Bug Bounty: Optionsbleed / CVE-2017-9798

2017-09-19 18:04:00

ibm

Security Bulletin: A vulnerability in httpd affects PowerKVM

2018-06-18 01:38:34

Security Bulletin: Vulnerability CVE-2017-9798 in the IBM i HTTP Server affects IBM i.

2019-12-18 14:26:38

Security Bulletin: IBM Security Access Manager Appliance is affected by a HTTPD vulnerability (CVE-2017-9798)

2018-06-16 22:05:42

prion

Design/Logic Flaw

2017-09-18 15:29:00

ubuntu

Apache HTTP Server vulnerability

2017-09-19 00:00:00

Apache HTTP Server vulnerability

2017-10-24 00:00:00

osv

CVE-2017-9798

2017-09-18 15:29:00

apache2 - security update

2017-09-21 00:00:00

apache2 - security update

2017-09-20 00:00:00

httpd

Apache Httpd < 2.4.28 : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")

2017-07-12 00:00:00

Apache Httpd < 2.2.35-never : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")

2017-07-12 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 1:2.4.28-alt1

2017-10-10 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.28-alt1

2017-10-10 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.28-alt1

2017-10-10 00:00:00

veracode

Use After Free

2019-01-15 09:20:26

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2017-10-11 20:46:20

httpd, mod_ssl security update

2017-10-20 21:13:38

packetstorm

Apache Optionsbleed Scanner

2024-09-01 00:00:00

metasploit

Apache Optionsbleed Scanner

2017-09-27 02:09:07

fedora

[SECURITY] Fedora 26 Update: httpd-2.4.27-3.fc26

2017-09-22 18:54:37

[SECURITY] Fedora 27 Update: httpd-2.4.27-8.fc27

2017-09-30 07:40:09

[SECURITY] Fedora 26 Update: httpd-2.4.33-4.fc26

2018-05-12 18:27:28

ubuntucve

CVE-2017-9798

2017-09-18 00:00:00

mageia

Updated apache packages fix security vulnerability

2018-01-01 13:38:51

Updated apache packages fix security vulnerability

2018-01-01 13:38:51

archlinux

[ASA-201709-15] apache: information disclosure

2017-09-18 00:00:00

alpinelinux

CVE-2017-9798

2017-09-18 15:29:00

amazon

Important: httpd24, httpd

2017-09-18 15:32:00

debian

[SECURITY] [DSA 3980-1] apache2 security update

2017-09-20 09:20:19

[SECURITY] [DSA 3980-1] apache2 security update

2017-09-20 09:20:19

[SECURITY] [DLA 1102-1] apache2 security update

2017-09-21 20:42:18

exploitpack

Apache 2.2.34 2.4.27 - OPTIONS Memory Leak

2017-09-18 00:00:00

nvd

CVE-2017-9798

2017-09-18 15:29:00

debiancve

CVE-2017-9798

2017-09-18 15:29:00

cvelist

CVE-2017-9798

2017-09-18 15:00:00

exploitdb

Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak

2017-09-18 00:00:00

cve

CVE-2017-9798

2017-09-18 15:29:00

freebsd

Apache -- HTTP OPTIONS method can leak server memory

2017-09-18 00:00:00

oraclelinux

httpd security update

2017-10-11 00:00:00

httpd security update

2017-10-19 00:00:00

slackware

[slackware-security] httpd

2017-09-18 19:20:15

redhatcve

CVE-2017-9798

2019-10-09 11:45:40

zdt

Apache - HTTP OPTIONS Memory Leak Exploit

2017-09-18 00:00:00

seebug

HTTP OPTIONS method can leak Apache's server memory(CVE-2017-9798) (Optionsbleed)

2017-09-19 00:00:00

attackerkb

CVE-2017-9798

2017-09-18 00:00:00

photon

Important Photon OS Security Update - PHSA-2017-0077

2017-10-11 00:00:00

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017

2017-09-22 14:10:02

avleonov

Vulnerability Databases: Classification and Registry

2018-06-05 15:57:41

gentoo

Apache: Multiple vulnerabilities

2017-10-29 00:00:00

suse

Security update for virtualbox (important)

2018-04-24 03:20:04

symantec

Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018

2018-11-07 08:01:01

kitploit

Jok3R - Network And Web Pentest Framework

2019-01-23 12:25:00

apple

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan

2017-12-06 00:00:00

About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support

2020-07-27 08:21:38

oracle

Oracle Critical Patch Update - April 2018

2018-04-17 00:00:00

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.974

Percentile

99.9%

JSON

Related for 91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09