You are here

Home › Apache HTTP Server Vulnerabilities Related to Version 2.4.27

Apache HTTP Server Vulnerabilities Related to Version 2.4.27

Submitted on 13. July 2017 - 16:37 by rischi.
Last update on 17. July 2017 - 16:50.
IDs: 
CVE-2017-9789, CVE-2017-9788
Keywords: 
httpd, apache, mod_http2, mod_auth_digest
Description: 

The Apache HTTP Server version 2.4.27 fixes two vulnerabilities [1].

Airlock WAF is not affected.

Details

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. mod_auth_digest is not used by Airlock WAF.

CVE-2017-9789: Read after free in mod_http2.c. Airlock WAF uses a modified version of mod_http2 which is not affected.

Resolution: 

No action is required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
[1] Apache httpd 2.4 vulnerabilities
© Ergon Informatik AG