CVE-2017-3169
httpd: mod_ssl NULL pointer dereference
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, mod_ssl podría desreferenciar un puntero NULL cuando los módulos de terceros llaman a ap_hook_process_connection() durante una petición HTTP a un puerto HTPS.
A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-05 CVE Reserved
- 2017-06-20 CVE Published
- 2023-12-14 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (44)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2017/dsa-3896 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:2478 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:2479 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:2483 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3193 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3194 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3195 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3475 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3476 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3477 | 2023-11-07 | |
https://security.gentoo.org/glsa/201710-32 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-3169 | 2017-12-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1463197 | 2017-12-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.0 Search vendor "Apache" for product "Http Server" and version "2.2.0" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.2 Search vendor "Apache" for product "Http Server" and version "2.2.2" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.3 Search vendor "Apache" for product "Http Server" and version "2.2.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.11 Search vendor "Apache" for product "Http Server" and version "2.2.11" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.12 Search vendor "Apache" for product "Http Server" and version "2.2.12" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.13 Search vendor "Apache" for product "Http Server" and version "2.2.13" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.14 Search vendor "Apache" for product "Http Server" and version "2.2.14" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.15 Search vendor "Apache" for product "Http Server" and version "2.2.15" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.16 Search vendor "Apache" for product "Http Server" and version "2.2.16" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.17 Search vendor "Apache" for product "Http Server" and version "2.2.17" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.18 Search vendor "Apache" for product "Http Server" and version "2.2.18" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.19 Search vendor "Apache" for product "Http Server" and version "2.2.19" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.20 Search vendor "Apache" for product "Http Server" and version "2.2.20" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.21 Search vendor "Apache" for product "Http Server" and version "2.2.21" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.22 Search vendor "Apache" for product "Http Server" and version "2.2.22" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.23 Search vendor "Apache" for product "Http Server" and version "2.2.23" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.24 Search vendor "Apache" for product "Http Server" and version "2.2.24" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.25 Search vendor "Apache" for product "Http Server" and version "2.2.25" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.26 Search vendor "Apache" for product "Http Server" and version "2.2.26" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.27 Search vendor "Apache" for product "Http Server" and version "2.2.27" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.29 Search vendor "Apache" for product "Http Server" and version "2.2.29" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.30 Search vendor "Apache" for product "Http Server" and version "2.2.30" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.31 Search vendor "Apache" for product "Http Server" and version "2.2.31" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.32 Search vendor "Apache" for product "Http Server" and version "2.2.32" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.1 Search vendor "Apache" for product "Http Server" and version "2.4.1" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.2 Search vendor "Apache" for product "Http Server" and version "2.4.2" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.10 Search vendor "Apache" for product "Http Server" and version "2.4.10" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.12 Search vendor "Apache" for product "Http Server" and version "2.4.12" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.16 Search vendor "Apache" for product "Http Server" and version "2.4.16" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.17 Search vendor "Apache" for product "Http Server" and version "2.4.17" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.18 Search vendor "Apache" for product "Http Server" and version "2.4.18" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.20 Search vendor "Apache" for product "Http Server" and version "2.4.20" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.23 Search vendor "Apache" for product "Http Server" and version "2.4.23" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.25 Search vendor "Apache" for product "Http Server" and version "2.4.25" | - |
Affected
|