Lucene search
+L

75 matches found

Tenable Nessus
Tenable Nessus
added 2017/07/03 12:0 a.m.71 views

Debian DLA-1009-1 : apache2 security update

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of...

9.8CVSS7.2AI score0.57472EPSS
Exploits4References6
Debian
Debian
added 2017/07/02 6:48 p.m.101 views

[SECURITY] [DLA 1009-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u9 CVE ID : CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the...

9.8CVSS6.9AI score0.57472EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/06/29 12:0 a.m.68 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1714-1)

This update for apache2 provides the following fixes: Security issues fixed : - CVE-2017-3167: In Apache use of httpd apgetbasicauthpw outside of the authentication phase could lead to authentication requirements bypass bsc1045065 - CVE-2017-3169: In modssl may have a dereference NULL pointer iss...

9.8CVSS7.1AI score0.39341EPSS
Exploits3References12
OpenVAS
OpenVAS
added 2017/06/27 12:0 a.m.61 views

Ubuntu: Security Advisory (USN-3340-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.57472EPSS
Exploits4References2
Ubuntu
Ubuntu
added 2017/06/26 5:14 p.m.194 views

USN-3340-1: Apache HTTP Server vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the apgetbasicauthpw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new apgetbasicauthcomponents function for use by third-party modules. CVE-2017-3167 Vasileios...

9.8CVSS7.1AI score0.57472EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/06/23 12:0 a.m.76 views

Debian DSA-3896-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. - CVE-2017-3169 Vasileios Panopoulos of...

9.8CVSS7.1AI score0.57472EPSS
Exploits4References14
Debian
Debian
added 2017/06/22 7:41 p.m.61 views

[SECURITY] [DSA 3896-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3896-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

7.5CVSS1.3AI score0.57472EPSS
Exploits4
Debian
Debian
added 2017/06/22 7:41 p.m.109 views

[SECURITY] [DSA 3896-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3896-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

9.8CVSS9.8AI score0.57472EPSS
Exploits4
OpenVAS
OpenVAS
added 2017/06/22 12:0 a.m.50 views

Debian Security Advisory DSA 3896-1 (apache2 - security update)

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of...

7.5CVSS0.3AI score0.57472EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2017/06/21 12:0 a.m.54 views

Debian: Security Advisory (DSA-3896-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.57472EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2017/06/21 12:0 a.m.211 views

Apache HTTP Server Multiple Vulnerabilities (Jun 2017) - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...

9.8CVSS9.1AI score0.39341EPSS
Exploits3References5
OSV
OSV
added 2017/06/20 1:29 a.m.34 views

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

9.8CVSS7AI score
Exploits0References39
CVE
CVE
added 2017/06/20 1:0 a.m.7633 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

9.8CVSS9.6AI score0.20231EPSS
Exploits0References39Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.65 views

FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)

The Apache httpd project reports : - apgetbasicauthpw Authentication Bypass CVE-2017-3167 : Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. - modssl NULL pointer Dereference CVE-2017-3169:modssl may...

9.8CVSS7.1AI score0.57472EPSS
Exploits4References8
UbuntuCve
UbuntuCve
added 2017/06/19 12:0 a.m.70 views

CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

9.8CVSS7.1AI score0.20231EPSS
Exploits0References4
Rows per page
Query Builder