Log Message: |
SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.
The value placeholder in [Proxy-]Authorization headers type 'Digest' was not
initialized or reset before or between successive key=value assignments by
mod_auth_digest. Providing an initial key with no '=' assignment could reflect
the stale value of uninitialized pool memory used by the prior request, leading
to leakage of potentially confidential information, and a segfault.
Submitted by: wrowe
Backports: r1800919
Reviewed by: wrowe, jim, jchampion
|