CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

Published: Jun 20, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-3169
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
apache / http_server	2.2.23	2.2.23.x
apache / http_server	2.4.1	2.4.1.x
apache / http_server	2.4.20	2.4.20.x
apache / http_server	2.2.11	2.2.11.x
apache / http_server	2.2.0	2.2.0.x
apache / http_server	2.2.31	2.2.31.x
apache / http_server	2.2.13	2.2.13.x
apache / http_server	2.2.2	2.2.2.x
apache / http_server	2.4.12	2.4.12.x
apache / http_server	2.2.17	2.2.17.x
apache / http_server	2.2.16	2.2.16.x
apache / http_server	2.2.21	2.2.21.x
apache / http_server	2.4.23	2.4.23.x
apache / http_server	2.4.10	2.4.10.x
apache / http_server	2.2.14	2.2.14.x
apache / http_server	2.2.24	2.2.24.x
apache / http_server	2.2.25	2.2.25.x
apache / http_server	2.2.30	2.2.30.x
apache / http_server	2.2.22	2.2.22.x
apache / http_server	2.2.19	2.2.19.x
apache / http_server	2.2.27	2.2.27.x
apache / http_server	2.4.25	2.4.25.x
apache / http_server	2.4.18	2.4.18.x
apache / http_server	2.2.18	2.2.18.x
apache / http_server	2.2.12	2.2.12.x
apache / http_server	2.2.32	2.2.32.x
apache / http_server	2.2.29	2.2.29.x
apache / http_server	2.2.3	2.2.3.x
apache / http_server	2.4.2	2.4.2.x
apache / http_server	2.2.15	2.2.15.x
apache / http_server	2.2.20	2.2.20.x
apache / http_server	2.4.17	2.4.17.x
apache / http_server	2.4.16	2.4.16.x
apache / http_server	2.2.26	2.2.26.x

Vulnerability Database

CVE-2017-3169

Deep Security Visibility Without the Complexity