CVE-2017-3167
Date: (C)2017-06-21   (M)2018-03-28


In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 9.8
Exploit Score: 3.9
Impact Score: 5.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
SECTRACK-1038711
BID-99135
DSA-3896
GLSA-201710-32
RHSA-2017:2478
RHSA-2017:2479
RHSA-2017:2483
RHSA-2017:3193
RHSA-2017:3194
RHSA-2017:3195
RHSA-2017:3475
RHSA-2017:3476
RHSA-2017:3477
https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.apple.com/HT208221
https://www.nomachine.com/SU08O00185

CPE    27
cpe:/a:apache:http_server:2.2.11
cpe:/a:apache:http_server:2.2.12
cpe:/a:apache:http_server:2.2.15
cpe:/a:apache:http_server:2.2.13
...
CWE    1
CWE-287
OVAL    17
oval:org.secpod.oval:def:42621
oval:org.secpod.oval:def:41596
oval:org.secpod.oval:def:42622
oval:org.secpod.oval:def:703676
...

© 2013 SecPod Technologies