CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
References
Link Resource
http://www.securityfocus.com/bid/101516 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039633 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2972 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-26 17:29

Updated : 2024-02-28 16:48


NVD link : CVE-2017-12171

Mitre link : CVE-2017-12171

CVE.ORG link : CVE-2017-12171


JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux
  • enterprise_linux_desktop
  • enterprise_linux_workstation

apache

  • http_server
CWE
CWE-284

Improper Access Control

CWE-20

Improper Input Validation