CVE - CVE-2017-3167

CVE-ID
CVE-2017-3167	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass URL:https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E CONFIRM:https://www.nomachine.com/SU08O00185 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:https://support.apple.com/HT208221 CONFIRM:https://security.netapp.com/advisory/ntap-20180601-0002/ DEBIAN:DSA-3896 URL:http://www.debian.org/security/2017/dsa-3896 GENTOO:GLSA-201710-32 URL:https://security.gentoo.org/glsa/201710-32 REDHAT:RHSA-2017:3193 URL:https://access.redhat.com/errata/RHSA-2017:3193 REDHAT:RHSA-2017:3194 URL:https://access.redhat.com/errata/RHSA-2017:3194 REDHAT:RHSA-2017:3195 URL:https://access.redhat.com/errata/RHSA-2017:3195 REDHAT:RHSA-2017:3475 URL:https://access.redhat.com/errata/RHSA-2017:3475 REDHAT:RHSA-2017:3476 URL:https://access.redhat.com/errata/RHSA-2017:3476 REDHAT:RHSA-2017:3477 URL:https://access.redhat.com/errata/RHSA-2017:3477 REDHAT:RHSA-2017:2478 URL:https://access.redhat.com/errata/RHSA-2017:2478 REDHAT:RHSA-2017:2479 URL:https://access.redhat.com/errata/RHSA-2017:2479 REDHAT:RHSA-2017:2483 URL:https://access.redhat.com/errata/RHSA-2017:2483 BID:99135 URL:http://www.securityfocus.com/bid/99135 SECTRACK:1038711 URL:http://www.securitytracker.com/id/1038711
Assigning CNA
Apache Software Foundation
Date Entry Created
20161205	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20161205)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org