wrowe committed on 06 Jul 17
SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.

The value placeholder in [Proxy-]Authorization headers type 'Digest' was not
initialized or reset before or between successive key=value assignments by
mod_auth_digest.  Providing an initial key with no '=' assignment could reflect
the stale value of uninitialized pool memory used by the prior request, leading
to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe
Backports: r1800919
Reviewed by: wrowe, jim, jchampion
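
The failure mode described in the commit message, as an added illustration that is not mod_auth_digest's code and not part of this commit: a simplified C parser whose value placeholder is either left stale or cleared before each key. The names `get_param`, `demo` and `STALE`, the unquoted-value syntax and the sample headers are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define VAL_MAX 64
#define STALE "prior-request-secret"   /* constructed stand-in for leftover pool data */

/* Simplified key[=value] list parser (illustrative, not httpd's code).
 * `val` models the value placeholder living in reused memory. With
 * reset_each_pair == 0 it is never cleared, as the commit message describes. */
static int get_param(const char *hdr, const char *want, char *val,
                     int reset_each_pair, char *out)
{
    char key[VAL_MAX];
    const char *p = hdr;

    while (*p) {
        size_t k = 0, v = 0;
        while (*p == ' ' || *p == ',') p++;
        if (reset_each_pair) val[0] = '\0';      /* hardened: clear before each pair */
        while (*p && *p != '=' && *p != ',' && *p != ' ' && k < VAL_MAX - 1)
            key[k++] = *p++;
        key[k] = '\0';
        if (*p == '=') {                         /* only an '=' overwrites val */
            p++;
            while (*p && *p != ',' && v < VAL_MAX - 1) val[v++] = *p++;
            val[v] = '\0';
        }
        if (k && strcmp(key, want) == 0) { strcpy(out, val); return 1; }
    }
    return 0;
}

/* Seed the placeholder with STALE, parse, and return what `want` resolved to. */
static const char *demo(const char *hdr, const char *want, int reset_each_pair)
{
    static char out[VAL_MAX];
    char val[VAL_MAX] = STALE;
    out[0] = '\0';
    return get_param(hdr, want, val, reset_each_pair, out) ? out : NULL;
}

int main(void)
{
    const char *hdr = "username, realm=example";  /* first key has no '=' */
    printf("no reset: username -> \"%s\"\n", demo(hdr, "username", 0));
    printf("reset:    username -> \"%s\"\n", demo(hdr, "username", 1));
    return 0;
}
```

The same check works as a regression test for any header parser that reuses a value buffer: a key with no `=` must resolve to an empty value, whether it comes first or follows another pair.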