CVE-2017-3169
Published Jun 20, 2017
Last updated a year ago
Overview
- Description
- In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
- Source
- security@apache.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "062C20A0-05A0-4164-8330-DF6ADFE607F4"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D345BA35-93BB-406F-B5DC-86E49FB29C22"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED4892F-C829-4BEA-AB82-6A78F6F2426D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00128AAD-E746-4DCD-8676-1381E5232220"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5252544F-7BDD-42EE-856E-B351B4B6D381"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58375DE5-F7EC-400D-84A2-CD70B72C4F63"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15233815-C037-41BB-A447-A078F83A93F6"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5444C583-CF83-4ECD-8DF8-66D8C1FCF096"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C306D07-9DF3-4AD1-9984-ECA094D0F50E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0358BB2D-7C7D-486D-8AA4-1E59AD0624CC"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "513A1C46-80FF-489C-AD31-F8F790C6D6C9"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "020254C9-BA4E-4705-A967-ABD498722C99"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3ECBCB1-0675-41F5-857B-438F36925F63"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8"
}
],
"operator": "OR"
}
]
}
]