* A use-after-free flaw was found in the way httpd handled invalid and
previously unregistered HTTP methods specified in the Limit directive used
in an .htaccess file. A remote attacker could possibly use this flaw to
disclose portions of the server memory, or cause httpd child process to
crash. (CVE-2017-9798)
* A regression was found in the Scientific Linux 6.9 version of httpd,
causing comments in the "Allow" and "Deny" configuration lines to be
parsed incorrectly. A web administrator could unintentionally allow any
client to access a restricted HTTP resource. (CVE-2017-12171)
--