CVE-2017-3167

Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 10.349

Associated Vulnerability

Vulnerability | OS Platform
Update Apache to version 2.4.26 | Windows
Update Apache to version 2.2.32 | Windows
Multiple vulnerabilities are fixed in Apache 2.4.2 | Windows
Vulnerabilities CVE-2017-3167,CVE-2017-3169,CVE-2017-7679,CVE-2017-9788 are fixed in Apache 2.2.34 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.14 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.45 | Windows
Vulnerabilities CVE-2017-3167,CVE-2017-7679,CVE-2017-7668 are fixed in IBM WebSphere 9.0.0.5 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.12 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac
Apache2 2.4.18-2ubuntu4.1 for Ubuntu 16.10 (x64) apache2_2.4.18-2ubuntu4.2_amd64.deb | Linux
Apache2 2.4.18-2ubuntu4.1 for Ubuntu 16.10 apache2_2.4.18-2ubuntu4.2_i386.deb | Linux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_i386.deb | Linux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_amd64.deb | Linux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.7-1ubuntu4.16_i386.deb | Linux
apache2 security update (DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-i386.deb | Linux
apache2 security update (DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-amd64.deb | Linux
(RHSA-2017:3194) Important: httpd security update httpd-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update httpd-devel-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update httpd-manual-2.4.6-45.el7_3.5.noarch.rpm | Linux
(RHSA-2017:3194) Important: httpd security update httpd-tools-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update mod_ldap-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update mod_proxy_html-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update mod_session-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:3194) Important: httpd security update mod_ssl-2.4.6-45.el7_3.5.x86_64.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-2.2.15-60.el6_9.5.i686.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-2.2.15-60.el6_9.5.x86_64.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-devel-2.2.15-60.el6_9.5.i686.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-manual-2.2.15-60.el6_9.5.noarch.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-tools-2.2.15-60.el6_9.5.i686.rpm | Linux
(RHSA-2017:2478) httpd security update httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm | Linux
(RHSA-2017:2478) httpd security update mod_ssl-2.2.15-60.el6_9.5.i686.rpm | Linux
(RHSA-2017:2478) httpd security update mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm | Linux
Update Apache to version 2.4.26 (For Linux) | Linux
Update Apache to version 2.2.32 (For Linux) | Linux
Improper Authentication Vulnerability (CVE-2017-3167) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1
