NuytsTech Security

CVE-2017-3167

by ·

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Date published : 2017-06-19

http://www.securityfocus.com/bid/99135

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Tags: