← volver
CVE-2017-3167

CVE-2017-3167

EPSS 20.2%CWE-287
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Productos afectados
Apache Software Foundation · Apache HTTP Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2017:2478https://access.redhat.com/errata/RHSA-2017:2479https://access.redhat.com/errata/RHSA-2017:2483https://access.redhat.com/errata/RHSA-2017:3193https://access.redhat.com/errata/RHSA-2017:3194https://access.redhat.com/errata/RHSA-2017:3195https://access.redhat.com/errata/RHSA-2017:3475https://access.redhat.com/errata/RHSA-2017:3476https://access.redhat.com/errata/RHSA-2017:3477http://seclists.org/fulldisclosure/2024/Sep/22https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E