Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-3169

Published: 20/06/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Apache

Vulnerability Summary

In Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.2.23

apache http server 2.4.1

apache http server 2.4.20

apache http server 2.2.11

apache http server 2.2.0

apache http server 2.2.31

apache http server 2.2.13

apache http server 2.2.2

apache http server 2.4.12

apache http server 2.2.17

apache http server 2.2.16

apache http server 2.2.21

apache http server 2.4.23

apache http server 2.4.10

apache http server 2.2.14

apache http server 2.2.24

apache http server 2.2.25

apache http server 2.2.30

apache http server 2.2.22

apache http server 2.2.19

apache http server 2.2.27

apache http server 2.4.25

apache http server 2.4.18

apache http server 2.2.18

apache http server 2.2.12

apache http server 2.2.32

apache http server 2.2.29

apache http server 2.2.3

apache http server 2.4.2

apache http server 2.2.15

apache http server 2.2.20

apache http server 2.4.17

apache http server 2.4.16

apache http server 2.2.26

Vendor Advisories

Debian Security Advisories: DSA-3896-1 apache2 -- security update
Several vulnerabilities have been found in the Apache HTTPD server CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed CVE-2017-3169 Vasileios Panopoulos of AdNovum Informatik AG discovered ...
Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in Apache HTTP Server ...
Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in Apache HTTP Server ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core ServicesRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2423 security update Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 73 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: httpd security update
Synopsis Important: httpd security update Type/Severity Security Advisory: Important Topic An update for httpd is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: CVE-2017-3169
A NULL pointer dereference flaw was found in the httpd's mod_ssl module A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request ...
Amazon Linux AMI: ALAS-2017-863
ap_find_token() buffer overread:A buffer over-read flaw was found in the httpd's ap_find_token() function A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request (CVE-2017-7668 ) Apache HTTP Request Parsing Whitespace Defects:It was discovered that the HTTP parser in httpd incorrectly allow ...
Amazon Linux AMI: ALAS-2017-892
A NULL pointer dereference flaw was found in the httpd's mod_ssl module A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request (CVE-2017-3169) It was discovered that the use of httpd's ap_get_basic_auth_pw() API function ...
Arch Linux Issues:
A NULL-pointer dereference leading to denial of service has been found in the mod_ssl component of Apache httpd < 2426 mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port ...
Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Github Repositories

https://github.com/AwMowl/offensive

final project offensive report

offensive final project offensive report Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Exposed Services TODO: Fill out the information below Nmap scan results for each machine reveal the below services and OS details: $ nmap nmap -sC -sV --reason -p 22,80,139,445 1921681110

https://github.com/gyoisamurai/GyoiThon

GyoiThon is a growing penetration test tool using Machine Learning.

GyoiThon: Next generation penetration test tool Japanese page is here Presentation January 25th,2018:JANOG41 March 23th,2018:Black Hat ASIA 2018 Arsenal August 12th,2018:DEFCON26 DemoLabs October 24th,2018:OWS in CSS2018 November 3rd,2018:AV TOKYO 2018 HIVE December 22-23th,2018:SECCON YOROZU 2018 March 28th,2019:Black Hat ASIA 2019 Arsenal Documents Installation Usage T

https://github.com/sanand34/Gyoithon-Updated-Ubuntu

With added support for OWASP broken websites testing, Also reports are generated.

GyoiThon: Next generation penetration test tool Check reports on click here Overview GyoiThon is Intelligence Gathering tool for Web Server GyoiThon execute remote access to target Web server and identifies product operated on the server such as CMS, Web server software, Framework, Programming Language etc, And, it can execute exploit modules to identified products using Meta

References

CWE-476http://www.securityfocus.com/bid/99134http://www.securitytracker.com/id/1038711https://www.nomachine.com/SU08O00185http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://security.gentoo.org/glsa/201710-32http://www.debian.org/security/2017/dsa-3896https://support.apple.com/HT208221https://access.redhat.com/errata/RHSA-2017:3195https://access.redhat.com/errata/RHSA-2017:3194https://www.tenable.com/security/tns-2019-09https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_ushttps://security.netapp.com/advisory/ntap-20180601-0002/https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169https://access.redhat.com/errata/RHSA-2017:2478https://access.redhat.com/errata/RHSA-2017:2479https://access.redhat.com/errata/RHSA-2017:2483https://access.redhat.com/errata/RHSA-2017:3475https://access.redhat.com/errata/RHSA-2017:3476https://access.redhat.com/errata/RHSA-2017:3477https://access.redhat.com/errata/RHSA-2017:3193https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae%40%3Cdev.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://nvd.nist.govhttps://www.debian.org/security/./dsa-3896https://usn.ubuntu.com/3340-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook