CVE-2017-3167

Summary

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.2.0 to 2.2.32affected
Apache Software FoundationApache HTTP Server2.4.0 to 2.4.25affected

Weaknesses

  • CWE-287: Authentication Bypass (CWE-287)

ADP Enrichment

CVE Program Container

Additional References

References