CVE-2017-9789 : When under stress, closing many connections, the HTTP/2 handling code in Apache

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

Published 2017-07-13 16:29:00

Updated 2021-06-06 11:15:21

Source Apache Software Foundation

View at NVD, CVE.org

Products affected by CVE-2017-9789

Apache » Http Server » Version: 2.4.26
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-9789

Top countries where our scanners detected CVE-2017-9789

Top open port discovered on systems with this issue 80

IPs affected by CVE-2017-9789 7,311

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-9789!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-9789

EPSS FAQ

18.61%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-9789

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-9789

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-9789

http://www.securityfocus.com/bid/99568

Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://security.netapp.com/advisory/ntap-20170911-0002/

July 2017 Apache httpd Server Vulnerabilities in Multiple NetApp Products | NetApp Product Security

CVEs referencing this url
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us

HPESBUX03908 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities.

CVEs referencing this url
https://httpd.apache.org/security/vulnerabilities_24.html

httpd 2.4 vulnerabilities - The Apache HTTP Server Project
Release Notes;Vendor Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E

svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E

svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s

CVEs referencing this url
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E

svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E

svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail

CVEs referencing this url
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E

svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E

svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://support.apple.com/HT208221

About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

CVEs referencing this url
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E

svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_

CVEs referencing this url
https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E

Pony Mail!

CVEs referencing this url
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E

svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html

CVEs referencing this url
http://www.securitytracker.com/id/1038907

Apache mod_http2 Memory Access Error Lets Remote Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E

svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2

CVEs referencing this url
https://security.gentoo.org/glsa/201710-32

Apache: Multiple vulnerabilities (GLSA 201710-32) — Gentoo security

CVEs referencing this url
https://lists.apache.org/thread.html/9d0098775bd83cf7c33ac5a077ef412c14ce939198921e639c734e20@%3Cannounce.httpd.apache.org%3E

CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 - Pony Mail
Mailing List;Vendor Advisory