Optionsbleed is a use after free error in Apache HTTP that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.
The bug appears if a webmaster tries to use the "Limit" directive with an invalid HTTP method.
There won't be an apache release, unfortunately the apache team was unable to come up with a coordinated disclosure / release date.
I cannot reproduce it with apache 2.2, but this bug tends to be not reliably reproducible, so this is no assurance that there is no bug.
please test and mark stable:
stable for sparc (thanks to Rolf Eike Beer)
Stable on alpha.
@maintainers, please clean the vulnerable versions.
GLSA Vote: Yes.
This issue was resolved and addressed in
GLSA 201710-32 at https://security.gentoo.org/glsa/201710-32
by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup.
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <email@example.com>
AuthorDate: 2017-10-29 23:14:37 +0000
Commit: Thomas Deutschmann <firstname.lastname@example.org>
CommitDate: 2017-10-29 23:16:15 +0000
www-servers/apache: Security cleanup
Package-Manager: Portage-2.3.13, Repoman-2.3.4
www-servers/apache/apache-2.4.27.ebuild | 238 --------------------------------
1 file changed, 238 deletions(-)}
Repository is clean, all done.