If a webmaster uses the Limit directive with an invalid or custom HTTP method in a .htaccess file, the server can leak small chunks of its process memory in the "Allow" header of its response.
CVE-2017-9798, discovered by Hanno Böck, was a use-after-free vulnerability in mod_http2. When Apache 2.4.18 was compiled with HTTP/2 support (not default in 2.4.18, but common), an attacker could trigger a memory leak. The leak disclosed the contents of the server’s memory, potentially including .htaccess directives, private keys, or session data.
Any worker process (even those running as a low-privileged user) can write to this shared memory segment.