CVE-2017-3169

CWE-476NULL Pointer Dereference12 documents9 sources
Severity
9.8CRITICAL
EPSS
34.5%
top 3.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Http ServerApache Http Server
Timeline
PublishedJun 20
Latest updateMay 13

Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDapache/http_server34 versions+33
CVEListV5apache_software_foundation/apache_http_server2.2.0 to 2.2.32, 2.4.0 to 2.4.25+1
Debianapache2< 2.4.25-4+3

🔴Vulnerability Details

4
GHSA
GHSA-p3gj-wq33-qg67: In Apache httpd 22022-05-13
OSV
apache2 vulnerabilities2017-06-26
OSV
CVE-2017-3169: In Apache httpd 22017-06-20
CVEList
CVE-2017-3169: In Apache httpd 22017-06-20

📋Vendor Advisories

5
Apple
CVE-2017-3169: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan2017-10-31
Ubuntu
Apache HTTP Server vulnerabilities2017-07-31
Ubuntu
Apache HTTP Server vulnerabilities2017-06-26
Red Hat
httpd: mod_ssl NULL pointer dereference2017-06-20
Debian
CVE-2017-3169: apache2 - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may derefer...2017

💬Community

2
Bugzilla
CVE-2017-3169 httpd: mod_ssl NULL pointer dereference2017-06-20
Bugzilla
CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 httpd: various flaws [fedora-all]2017-06-20
CVE-2017-3169 (CRITICAL CVSS 9.8) | In Apache httpd 2.2.x before 2.2.33 | cvebase.io