Apache – CVE-2017-9789

Description

Kayran has detected that the version of Apache HTTP Server in use is affected by a ‘Read after free in mod_http2’ vulnerability.

CVE-2017-9789 is categorized as a ‘Use After Free’ vulnerability (CWE-416).
A Use After Free occurs when a program references memory after it has been freed. This can cause the program to crash, use unexpected values, or execute code.

When under stress, closing many connections, the HTTP/2 handling code in your version of Apache would sometimes access memory after it has been freed.
That may lead to unwanted results and erratic behavior.

It could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2017-9789, upgrade the version of Apache HTTP Server being used to 2.4.27.
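To confirm whether a host still needs this upgrade, the following added example (not part of the original advisory or of Apache's tooling) parses `apachectl -v` and `apachectl -M` output, compares the version against 2.4.27, and checks whether mod_http2 is loaded. The sample outputs are constructed, the verdict labels are hypothetical, and flagging every release below 2.4.27 is an assumption, since the advisory names only the fixed version.

```shell
#!/bin/sh
# Added example: triage a host against the fixed release named in the advisory.
FIXED="2.4.27"

# Extract "X.Y.Z" from `apachectl -v` style output.
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 if dotted version $1 is numerically lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Return 0 if `apachectl -M` style output lists mod_http2.
# Anchored so that proxy_http2_module (mod_proxy_http2) does not match.
http2_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*http2_module[[:space:]]'
}

# Print a verdict (hypothetical labels). $1 = `-v` output, $2 = `-M` output.
assess() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return; fi
    if ! version_lt "$ver" "$FIXED"; then echo "ok"; return; fi
    if http2_loaded "$2"; then
        echo "upgrade-required"          # below fixed release, mod_http2 active
    else
        echo "below-fixed-no-http2"      # below fixed release, module not loaded
    fi
}

# Constructed sample output, so the script runs offline.
SAMPLE_V='Server version: Apache/2.4.26 (Unix)
Server built:   Jun 19 2017 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'

assess "$SAMPLE_V" "$SAMPLE_M"
# On a real host: assess "$(apachectl -v)" "$(apachectl -M)"
```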

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789

https://cwe.mitre.org/data/definitions/416.html
