PT-2017-3746 · Apache+2 · Httpd+2
Kawahara Masashi +1
Published: 2017-10-19 · Updated: 2023-02-12
CVE-2017-12171
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
httpd version 2.2.15-60
Description:
A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. This issue is related to the use of memory after it has been freed when processing comments in the Allow and Deny lines of the Limit directive in the .htaccess configuration file. Exploitation of this issue may allow a remote attacker to cause a crash of the httpd child process or gain access to restricted HTTP resources.
Recommendations:
For httpd version 2.2.15-60, consider updating to a newer version that includes a fix for this issue, as the current version may allow unintended access to restricted HTTP resources due to incorrect parsing of comments in configuration lines.
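To find the configuration lines this issue concerns before and after updating, the following is an added example (not part of the original advisory or of httpd): a Python audit that lists Allow/Deny lines carrying a trailing "#" comment in .htaccess text, with the enclosing Limit block if any. The function name and the sample configuration are constructed for illustration.

```python
import re

# Allow/Deny access-control lines (httpd 2.2 "Allow from ..." / "Deny from ..." syntax).
ACCESS_RE = re.compile(r'^\s*(allow|deny)\s+from\b(.*)$', re.IGNORECASE)
LIMIT_OPEN_RE = re.compile(r'^\s*<(Limit(?:Except)?)\b([^>]*)>', re.IGNORECASE)
LIMIT_CLOSE_RE = re.compile(r'^\s*</Limit(?:Except)?\s*>', re.IGNORECASE)

def find_commented_access_lines(text):
    """Return (line_no, limit_context, line) for Allow/Deny lines containing a '#' comment."""
    findings = []
    context = None  # the <Limit ...> block we are currently inside, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # whole-line comments are not the pattern described in the advisory
        m = LIMIT_OPEN_RE.match(line)
        if m:
            context = f"{m.group(1)} {m.group(2).strip()}".strip()
            continue
        if LIMIT_CLOSE_RE.match(line):
            context = None
            continue
        m = ACCESS_RE.match(line)
        if m and '#' in m.group(2):
            findings.append((no, context, line))
    return findings

# Constructed sample .htaccess content (documentation address ranges only).
SAMPLE = """\
# constructed sample .htaccess
Order deny,allow
<Limit GET POST>
    Deny from all
    Allow from 192.0.2.10   # office gateway
</Limit>
Deny from 198.51.100.0/24 # scanner range
Allow from example.org
"""

if __name__ == "__main__":
    for no, ctx, line in find_commented_access_lines(SAMPLE):
        print(f"line {no} [{ctx or 'no Limit block'}]: {line}")
```

Moving each flagged comment onto its own line above the directive removes the pattern from the configuration regardless of the installed httpd build.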
Fix
Improper Access Control
Use After Free
RCE
Affected Products
CentOS
Red Hat
Httpd