Debian Security Advisory DSA 3896-1 (apache2 - security update)

Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-3167 Emmanuel Dreyfus reported that the use of apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. CVE-2017-3169 Vasileios Panopoulos of...