CVE-2017-3169

Опубликовано: 20 июн. 2017

Источник: redhat

CVSS3: 3.7

EPSS Средний

Описание

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	httpd	Will not fix
Red Hat JBoss Enterprise Application Platform 5	jbossas	Not affected
Red Hat JBoss Enterprise Application Platform 6	jbossas	Will not fix
Red Hat JBoss Enterprise Web Server 1	httpd	Will not fix
Red Hat JBoss Enterprise Web Server 2	httpd	Will not fix
Red Hat JBoss Enterprise Web Server 3	httpd	Fix deferred
JBoss Core Services on RHEL 6	jbcs-httpd24-httpd	Fixed	RHSA-2017:3477	15.12.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_bmx	Fixed	RHSA-2017:3477	15.12.2017
JBoss Core Services on RHEL 6	jbcs-httpd24-mod_cluster-native	Fixed	RHSA-2017:3477	15.12.2017
JBoss Core Services on RHEL 7	jbcs-httpd24-httpd	Fixed	RHSA-2017:3476	15.12.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1463197httpd: mod_ssl NULL pointer dereference

EPSS

Процентиль: 97%

0.3838

Средний

3.7 Low

CVSS3

Связанные уязвимости

CVE-2017-3169

CVSS3: 9.8

ubuntu

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-3169

CVSS3: 9.8

nvd

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-3169

CVSS3: 9.8

debian

больше 8 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...

GHSA-p3gj-wq33-qg67

CVSS3: 9.8

github

больше 3 лет назад

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

BDU:2017-02152

CVSS3: 9.8

fstec

почти 9 лет назад

Уязвимость модуля mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить доступ к локальным файлам

EPSS

Процентиль: 97%

0.3838

Средний

3.7 Low

CVSS3