Apache.Optionsbleed.Scanner
Description
This indicates detection of an attempt scan to exploit an Information Disclosure vulnerability in Apache HTTP Server.
The vulnerability is due to a misconfiguration error in target system's .htaccess file when target system handling HTTP requests. A remote attacker can exploit this to gain access to secret data from process memory.
Signature for this vulnerability is a rate based signature and will trigger at a rate of 10 request per 50 second.
Affected Products
Apache HTTP Server 2.2.34 and prior
Apache HTTP Server 2.4.27 and prior
Debian Linux 7.0 to 9.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
https://svn.apache.org/viewvc?view=revision&revision=1807754
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |