PT-2017-3746 · Apache+2 · Httpd+2
Kawahara Masashi +1 · Published 2017-10-19 · Updated 2023-02-12 · CVE-2017-12171
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
httpd version 2.2.15-60
Description:
A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. This issue is related to the use of memory after it has been freed when processing comments in the Allow and Deny lines of the Limit directive in the .htaccess configuration file. Exploitation of this issue may allow a remote attacker to cause a crash of the httpd child process or gain access to restricted HTTP resources.
Recommendations:
For httpd version 2.2.15-60, consider updating to a newer version that includes a fix for this issue, as the current version may allow unintended access to restricted HTTP resources due to incorrect parsing of comments in configuration lines.
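To find configuration that depends on the comment handling described above, the following added example (not part of the advisory or of httpd) flags "Allow"/"Deny" lines that carry a "#" comment on the same line, so they can be reviewed and the comment moved to its own line. It assumes the Apache 2.2 `Allow from` / `Deny from` syntax; the function name and the sample `.htaccess` content are constructed for illustration.

```python
import re

# An "Allow from ..." or "Deny from ..." directive (case-insensitive)
# that is followed by a '#' later on the same line.
_ACL_WITH_COMMENT = re.compile(
    r"^\s*(allow|deny)\s+from\b[^#\n]*#", re.IGNORECASE
)


def find_commented_acl_lines(config_text):
    """Return (line_number, stripped_line) for Allow/Deny lines containing '#'."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment, not a directive
        if _ACL_WITH_COMMENT.match(line):
            hits.append((lineno, line.strip()))
    return hits


# Constructed sample .htaccess content (documentation address ranges).
SAMPLE_HTACCESS = """\
# Restrict the admin area
<Limit GET POST>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10 # office gateway
    Allow from 192.0.2.20
    deny from 198.51.100.0/24 #blocked range
</Limit>
"""

if __name__ == "__main__":
    for lineno, line in find_commented_acl_lines(SAMPLE_HTACCESS):
        print(f"line {lineno}: review inline comment -> {line}")
```
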
Fix
Improper Access Control
Use After Free
RCE
Affected products
CentOS
Red Hat
Httpd