vulnerability
Oracle Linux: CVE-2017-3167: ELSA-2017-2479: httpd security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:H/Au:N/C:C/I:C/A:N) | Jun 20, 2017 | Aug 16, 2017 | Jan 16, 2025 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published
Jun 20, 2017
Added
Aug 16, 2017
Modified
Jan 16, 2025
Description
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.
Solution(s)
oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.