
Apache httpd Firepower CVE-2017-9798

khalilruziah
Level 1

Dear, we are looking to fix this vulnerability, CVE-2017-9798.

But the condition is using the default configuration. Which configuration should be checked to validate if we are infected or not?

2 Replies

From everything I could see, this only seems to be on FXOS, so if you are using a Firepower firewall, then it looks like a possibility. What they mean by "default" is that in the base factory config, the vulnerability is there.

You can also contact PSIRT (Cisco Product Security Incident Response Team) and ask for confirmation, or open a TAC case, and they will get back to you.

Here are the associated bug details:

CSCvi84381

https://bst.cisco.com/quickview/bug/CSCvi84381

which is a duplicate of

https://bst.cisco.com/bugsearch/bug/CSCvg03807

marcus87tewkirk
Level 1

@khalilruziah wrote:

Dear, we are looking to fix this vulnerability, CVE-2017-9798.

But the condition is using the default configuration. Which configuration should be checked to validate if we are infected or not?


To validate if you are infected with CVE-2017-9798, you should check the following configurations:

  • .htaccess files: Inspect any .htaccess files within your web server's document root and subdirectories for the presence of the Limit directive with an unrecognized HTTP method. This is a key indicator of potential vulnerability.
  • httpd.conf: Review the main Apache configuration file (httpd.conf/SkydivingIndians) for any global settings related to the Limit directive or options that might allow the use of unrecognized HTTP methods.

By examining these configurations, you can determine if your system is vulnerable to CVE-2017-9798 and take appropriate mitigation steps.
And remember, specific configurations to check may vary slightly depending on your Apache version and operating system. If you are unsure about modifying server configurations, consult with a qualified system administrator.
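
The configuration check described in the reply above, as an added example that is not part of the original thread: it flags `<Limit>` and `<LimitExcept>` sections that name a method outside the set listed in the Apache documentation for `<Limit>`. The function names and the sample file are constructed for illustration, and the method list assumes no loaded module registers extra methods, so each hit needs manual review.

```python
import re
from pathlib import Path

# Methods the Apache documentation lists for <Limit>; names are case-sensitive.
# Assumption: no module on this server registers additional methods.
KNOWN_METHODS = {
    "GET", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "PATCH",
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK",
}
# Anchored at the opening "<", so "#" comments and closing tags never match.
LIMIT_RE = re.compile(r"^\s*<\s*(Limit|LimitExcept)\s+([^>]*)>", re.IGNORECASE)


def find_unrecognized_limits(text, source="<inline>"):
    """Return (source, line_no, directive, method) for every method in a
    <Limit>/<LimitExcept> opening tag that is not in KNOWN_METHODS."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = LIMIT_RE.match(line)
        if not match:
            continue
        for method in match.group(2).split():
            if method not in KNOWN_METHODS:
                findings.append((source, line_no, match.group(1), method))
    return findings


def scan_tree(root, names=(".htaccess", "httpd.conf")):
    """Run the check on every matching config file under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name in names:
            text = path.read_text(errors="replace")
            findings.extend(find_unrecognized_limits(text, str(path)))
    return findings


# Constructed sample .htaccess content (not taken from any real system).
SAMPLE_HTACCESS = """\
# <Limit BOGUS> is commented out, so it is ignored
<Limit GET POST>
</Limit>
<Limit get FOOBAR>
    Require all denied
</Limit>
<LimitExcept GET POST OPTIONS>
</LimitExcept>
"""

if __name__ == "__main__":
    print(*find_unrecognized_limits(SAMPLE_HTACCESS, ".htaccess"), sep="\n")
```

Point `scan_tree` at the document root and at the server configuration directory; the lowercase `get` in the sample is reported because method names in `<Limit>` are case-sensitive.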