CVE-2017-3169 - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer

CVE-2017-3169

Summary

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 06-06-2021 - 11:15)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2017:2478
rhsa
id RHSA-2017:2479
rhsa
id RHSA-2017:2483
rhsa
id RHSA-2017:3193
rhsa
id RHSA-2017:3194
rhsa
id RHSA-2017:3195
rhsa
id RHSA-2017:3475
rhsa
id RHSA-2017:3476
rhsa
id RHSA-2017:3477

rpms

httpd-0:2.2.15-60.el6_9.5
httpd-debuginfo-0:2.2.15-60.el6_9.5
httpd-devel-0:2.2.15-60.el6_9.5
httpd-manual-0:2.2.15-60.el6_9.5
httpd-tools-0:2.2.15-60.el6_9.5
mod_ssl-1:2.2.15-60.el6_9.5
httpd-0:2.4.6-67.el7_4.2
httpd-debuginfo-0:2.4.6-67.el7_4.2
httpd-devel-0:2.4.6-67.el7_4.2
httpd-manual-0:2.4.6-67.el7_4.2
httpd-tools-0:2.4.6-67.el7_4.2
mod_ldap-0:2.4.6-67.el7_4.2
mod_proxy_html-1:2.4.6-67.el7_4.2
mod_session-0:2.4.6-67.el7_4.2
mod_ssl-1:2.4.6-67.el7_4.2
httpd24-httpd-0:2.4.25-9.el6.1
httpd24-httpd-0:2.4.25-9.el7.1
httpd24-httpd-debuginfo-0:2.4.25-9.el6.1
httpd24-httpd-debuginfo-0:2.4.25-9.el7.1
httpd24-httpd-devel-0:2.4.25-9.el6.1
httpd24-httpd-devel-0:2.4.25-9.el7.1
httpd24-httpd-manual-0:2.4.25-9.el6.1
httpd24-httpd-manual-0:2.4.25-9.el7.1
httpd24-httpd-tools-0:2.4.25-9.el6.1
httpd24-httpd-tools-0:2.4.25-9.el7.1
httpd24-mod_ldap-0:2.4.25-9.el6.1
httpd24-mod_ldap-0:2.4.25-9.el7.1
httpd24-mod_proxy_html-1:2.4.25-9.el6.1
httpd24-mod_proxy_html-1:2.4.25-9.el7.1
httpd24-mod_session-0:2.4.25-9.el6.1
httpd24-mod_session-0:2.4.25-9.el7.1
httpd24-mod_ssl-1:2.4.25-9.el6.1
httpd24-mod_ssl-1:2.4.25-9.el7.1
httpd-0:2.4.6-40.el7_2.6
httpd-debuginfo-0:2.4.6-40.el7_2.6
httpd-devel-0:2.4.6-40.el7_2.6
httpd-manual-0:2.4.6-40.el7_2.6
httpd-tools-0:2.4.6-40.el7_2.6
mod_ldap-0:2.4.6-40.el7_2.6
mod_proxy_html-1:2.4.6-40.el7_2.6
mod_session-0:2.4.6-40.el7_2.6
mod_ssl-1:2.4.6-40.el7_2.6
httpd-0:2.4.6-45.el7_3.5
httpd-debuginfo-0:2.4.6-45.el7_3.5
httpd-devel-0:2.4.6-45.el7_3.5
httpd-manual-0:2.4.6-45.el7_3.5
httpd-tools-0:2.4.6-45.el7_3.5
mod_ldap-0:2.4.6-45.el7_3.5
mod_proxy_html-1:2.4.6-45.el7_3.5
mod_session-0:2.4.6-45.el7_3.5
mod_ssl-1:2.4.6-45.el7_3.5
httpd-0:2.2.15-47.el6_7.5
httpd-debuginfo-0:2.2.15-47.el6_7.5
httpd-devel-0:2.2.15-47.el6_7.5
httpd-manual-0:2.2.15-47.el6_7.5
httpd-tools-0:2.2.15-47.el6_7.5
mod_ssl-1:2.2.15-47.el6_7.5
jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el7
jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el7
jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el7
jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el7
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el7
jbcs-httpd24-httpd-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-libs-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.23-125.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.23-125.jbcs.el6
jbcs-httpd24-mod_bmx-0:0.9.6-15.GA.jbcs.el6
jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-15.GA.jbcs.el6
jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_1.jbcs.el6
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_1.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.23-125.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.23-125.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.23-125.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.23-125.jbcs.el6

refmap via4

bid	99134
confirm	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://security.netapp.com/advisory/ntap-20180601-0002/ https://support.apple.com/HT208221 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us https://www.nomachine.com/SU08O00185 https://www.tenable.com/security/tns-2019-09
debian	DSA-3896
gentoo	GLSA-201710-32
misc	https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169
mlist	[dev] 20170619 CVE-2017-3169: mod_ssl null pointer dereference [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
sectrack	1038711

Last major update

06-06-2021 - 11:15

Published

20-06-2017 - 01:29

Last modified

06-06-2021 - 11:15