← voltar
CVE-2017-3167

CVE-2017-3167

EPSS 20.2%CWE-287
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 20.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
20 jun 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Produtos afetados
Apache Software Foundation · Apache HTTP Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2017:2478https://access.redhat.com/errata/RHSA-2017:2479https://access.redhat.com/errata/RHSA-2017:2483https://access.redhat.com/errata/RHSA-2017:3193https://access.redhat.com/errata/RHSA-2017:3194https://access.redhat.com/errata/RHSA-2017:3195https://access.redhat.com/errata/RHSA-2017:3475https://access.redhat.com/errata/RHSA-2017:3476https://access.redhat.com/errata/RHSA-2017:3477http://seclists.org/fulldisclosure/2024/Sep/22https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E