Apache HTTP server - (bulletinjul2017)ID: oval:org.secpod.oval:def:2101150 | Date: (C)2019-11-25 (M)2022-09-07 |
Class: PATCH | Family: unix |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type "Digest" was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no "=" assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
Product: |
web/server/apache-24 |
web/server/apache-24/module/apache-ssl |
web/server/apache-24/module/apache-ssl-fips-140 |
web/server/apache-24/module/apache-lua |
web/server/apache-24/module/apache-ldap |
web/server/apache-24/module/apache-dbd |