- Home
- CVEs with nessus.description==Security Fix(es) :
- It was discovered that the httpd's mod_auth_digest
module did not properly initialize memory before using
it when processing certain headers related to digest
authentication. A remote attacker could possibly use
this flaw to disclose potentially sensitive information
or cause httpd child process to crash by sending
specially crafted requests to a server. (CVE-2017-9788)
- It was discovered that the use of httpd's
ap_get_basic_auth_pw() API function outside of the
authentication phase could lead to authentication
bypass. A remote attacker could possibly use this flaw
to bypass required authentication if the API was used
incorrectly by one of the modules used by httpd.
(CVE-2017-3167)
- A NULL pointer dereference flaw was found in the httpd's
mod_ssl module. A remote attacker could use this flaw to
cause an httpd child process to crash if another module
used by httpd called a certain API function during the
processing of an HTTPS request. (CVE-2017-3169)
- A buffer over-read flaw was found in the httpd's
mod_mime module. A user permitted to modify httpd's MIME
configuration could use this flaw to cause httpd child
process to crash. (CVE-2017-7679)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top