cve/2017/CVE-2017-9788.md

### [CVE-2017-9788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Uninitialized%20memory%20reflection%20in%20mod_auth_digest&color=brighgreen)

### Description

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

#### Github
- https://github.com/8ctorres/SIND-Practicas
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CAF-Extended/external_honggfuzz
- https://github.com/COVAIL/MITRE_NIST
- https://github.com/Corvus-AOSP/android_external_honggfuzz
- https://github.com/DButter/whitehat_public
- https://github.com/Davizao/exe-extra
- https://github.com/DennissimOS/platform_external_honggfuzz
- https://github.com/Dokukin1/Metasploitable
- https://github.com/ForkLineageOS/external_honggfuzz
- https://github.com/HavocR/external_honggfuzz
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Ozone-OS/external_honggfuzz
- https://github.com/PawanKumarPandit/Shodan-nrich
- https://github.com/ProtonAOSP-platina/android_external_honggfuzz
- https://github.com/ProtonAOSP/android_external_honggfuzz
- https://github.com/RoseSecurity-Research/Red-Teaming-TTPs
- https://github.com/RoseSecurity/Red-Teaming-TTPs
- https://github.com/StatiXOS/android_external_honggfuzz
- https://github.com/TheXPerienceProject/android_external_honggfuzz
- https://github.com/TinkerBoard-Android/external-honggfuzz
- https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz
- https://github.com/TinkerBoard2-Android/external-honggfuzz
- https://github.com/TinkerEdgeR-Android/external_honggfuzz
- https://github.com/Tomoms/android_external_honggfuzz
- https://github.com/Wave-Project/external_honggfuzz
- https://github.com/Xorlent/Red-Teaming-TTPs
- https://github.com/Zhivarev/13-01-hw
- https://github.com/aosp-caf-upstream/platform_external_honggfuzz
- https://github.com/aosp10-public/external_honggfuzz
- https://github.com/bananadroid/android_external_honggfuzz
- https://github.com/bioly230/THM_Skynet
- https://github.com/crdroid-r/external_honggfuzz
- https://github.com/crdroidandroid/android_external_honggfuzz
- https://github.com/ep-infosec/50_google_honggfuzz
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/google/honggfuzz
- https://github.com/imbaya2466/honggfuzz_READ
- https://github.com/jingpad-bsp/android_external_honggfuzz
- https://github.com/kasem545/vulnsearch
- https://github.com/keloud/TEC-MBSD2017
- https://github.com/khadas/android_external_honggfuzz
- https://github.com/lllnx/lllnx
- https://github.com/r3p3r/nixawk-honggfuzz
- https://github.com/random-aosp-stuff/android_external_honggfuzz
- https://github.com/retr0-13/nrich
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough
- https://github.com/yaap/external_honggfuzz
- https://github.com/zzzWTF/db-13-01