CVE-2017-3169

Опубликовано: 20 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.3838

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2017-3169

CVSS3: 9.8

ubuntu

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-3169

CVSS3: 3.7

redhat

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-3169

CVSS3: 9.8

debian

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...

GHSA-p3gj-wq33-qg67

CVSS3: 9.8

github

больше 3 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

BDU:2017-02152

CVSS3: 9.8

fstec

почти 9 лет назад

Уязвимость модуля mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить доступ к локальным файлам

EPSS

Процентиль: 97%

0.3838

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-476