Lucene search
Veracode Vulnerability DatabaseVERACODE:12687HistoryJan 15, 2019 - 9:20 a.m.
Authorization Bypass
2019-01-1509:20:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.002 Low
EPSS
Percentile
55.6%
httpd is vulnerable to authorization bypass attacks. The vulnerability exists as a regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the “Allow” and “Deny” configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
References
www.securityfocus.com/bid/101516
www.securitytracker.com/id/1039633
access.redhat.com/errata/RHSA-2017:2972
access.redhat.com/security/cve/CVE-2017-12171
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1493056
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171
Related
ubuntucve
ubuntucve
CVE-2017-12171
2018-07-26 00:00:00
nessus
nessus
NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)
2019-08-12 00:00:00
Amazon Linux AMI : httpd (ALAS-2017-921)
2017-11-06 00:00:00
cvelist
cvelist
CVE-2017-12171
2018-07-26 17:00:00
f5
f5
K68804133 : Apache vulnerability CVE-2017-12171
2017-11-20 00:00:00
prion
prion
Design/Logic Flaw
2018-07-26 17:29:00
debiancve
debiancve
CVE-2017-12171
2018-07-26 17:29:00
nvd
nvd
CVE-2017-12171
2018-07-26 17:29:00
amazon
amazon
Medium: httpd
2017-11-02 20:21:00
cve
cve
CVE-2017-12171
2018-07-26 17:29:00
redhatcve
redhatcve
CVE-2017-12171
2017-10-19 10:49:36
openvas
openvas
RedHat Update for httpd RHSA-2017:2972-01
2017-10-20 00:00:00
CentOS Update for httpd CESA-2017:2972 centos6
2017-10-21 00:00:00
centos
centos
httpd, mod_ssl security update
2017-10-20 21:13:38
redhat
redhat
(RHSA-2017:2972) Moderate: httpd security update
2017-10-19 14:54:11
oraclelinux
oraclelinux
httpd security update
2017-10-19 00:00:00
ibm
ibm
symantec
symantec
Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018
2018-11-07 08:01:01