Search for vulnerabilities
Vulnerability details: VCID-6ak5-ayqx-z3g2
Vulnerability ID VCID-6ak5-ayqx-z3g2
Aliases CVE-2017-9788
Summary The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-456 Missing Initialization of a Variable
System Score Found at
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json
epss 0.23364 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.23364 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.23364 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.51082 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.51082 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.51082 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.51082 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.51662 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.55918 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.55918 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.55918 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.55918 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
epss 0.55918 https://api.first.org/data/v1/epss?cve=CVE-2017-9788
cvssv2 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd important https://httpd.apache.org/security/json/CVE-2017-9788.json
archlinux Critical https://security.archlinux.org/AVG-350
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json
https://api.first.org/data/v1/epss?cve=CVE-2017-9788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1470748 https://bugzilla.redhat.com/show_bug.cgi?id=1470748
868467 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467
ASA-201707-15 https://security.archlinux.org/ASA-201707-15
AVG-350 https://security.archlinux.org/AVG-350
CVE-2017-9788 https://httpd.apache.org/security/json/CVE-2017-9788.json
RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2478
RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2479
RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483
RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2708
RHSA-2017:2709 https://access.redhat.com/errata/RHSA-2017:2709
RHSA-2017:2710 https://access.redhat.com/errata/RHSA-2017:2710
RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193
RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194
RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195
RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239
RHSA-2017:3240 https://access.redhat.com/errata/RHSA-2017:3240
USN-3370-1 https://usn.ubuntu.com/3370-1/
USN-3370-2 https://usn.ubuntu.com/3370-2/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95767
EPSS Score 0.23364
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:03.794625+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2017-9788.json 37.0.0