Home

CVE-2017-3169

Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
32.547

Associated Vulnerability

VulnerabilityOS Platform
Update Apache to version 2.4.26Windows
Update Apache to version 2.2.32Windows
Multiple vulnerabilities are fixed in Apache 2.4.2Windows
Vulnerabilities CVE-2017-3167,CVE-2017-3169,CVE-2017-7679,CVE-2017-9788 are fixed in Apache 2.2.34Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_i386.debLinux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.18-2ubuntu4.2_amd64.debLinux
Apache HTTP server (USN-3340-1) apache2-bin_2.4.7-1ubuntu4.16_i386.debLinux
apache2 security update(DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-i386.debLinux
apache2 security update(DSA-3896-1) apache2_2.4.10-10+deb8u9_kfreebsd-amd64.debLinux
(RHSA-2017:3194) Important: httpd security update httpd-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update httpd-devel-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update httpd-manual-2.4.6-45.el7_3.5.noarch.rpmLinux
(RHSA-2017:3194) Important: httpd security update httpd-tools-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update mod_ldap-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update mod_proxy_html-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update mod_session-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:3194) Important: httpd security update mod_ssl-2.4.6-45.el7_3.5.x86_64.rpmLinux
(RHSA-2017:2478) httpd security update httpd-2.2.15-60.el6_9.5.i686.rpmLinux
(RHSA-2017:2478) httpd security update httpd-2.2.15-60.el6_9.5.x86_64.rpmLinux
(RHSA-2017:2478) httpd security update httpd-devel-2.2.15-60.el6_9.5.i686.rpmLinux
(RHSA-2017:2478) httpd security update httpd-devel-2.2.15-60.el6_9.5.x86_64.rpmLinux
(RHSA-2017:2478) httpd security update httpd-manual-2.2.15-60.el6_9.5.noarch.rpmLinux
(RHSA-2017:2478) httpd security update httpd-tools-2.2.15-60.el6_9.5.i686.rpmLinux
(RHSA-2017:2478) httpd security update httpd-tools-2.2.15-60.el6_9.5.x86_64.rpmLinux
(RHSA-2017:2478) httpd security update mod_ssl-2.2.15-60.el6_9.5.i686.rpmLinux
(RHSA-2017:2478) httpd security update mod_ssl-2.2.15-60.el6_9.5.x86_64.rpmLinux
Update Apache to version 2.4.26 (For Linux)Linux
Update Apache to version 2.2.32 (For Linux)Linux
NULL Pointer Dereference Vulnerability (CVE-2017-3169)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234