A vulnerability found in Apache HTTP Server (httpd) can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests, a researcher warned.
The flaw was discovered by freelance journalist and security researcher Hanno Böck, who has dubbed it “Optionsbleed.” Despite having a fancy name that is similar to the critical vulnerability known as Heartbleed due to them both “bleeding” memory contents, Optionsbleed is not as severe or as widespread.
Böck was analyzing HTTP methods in an effort to determine if they have any vulnerabilities when he noticed that requests with the OPTIONS methodmwere returning what appeared to be corrupted data via the “Allow” header.
Leave a reply
