You are here

Apache HTTP Server Vulnerabilities Related to Version 2.4.27

IDs: 
CVE-2017-9789, CVE-2017-9788
Keywords: 
httpd, apache, mod_http2, mod_auth_digest
Description: 

The Apache HTTP Server version 2.4.27 fixes two vulnerabilities [1].

Airlock WAF is not affected.

Details

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. mod_auth_digest is not used by Airlock WAF.

CVE-2017-9789: Read after free in mod_http2.c. Airlock WAF uses a modified version of mod_http2 which is not affected.

Resolution: 

No action is required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required