CVE-2017-12171
CVSS severity: Low
Vulnerability Description
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
Known Affected Software
5 configuration(s) from 2 vendor(s)
http_server
Version: 2.2.15-60
CPE: cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*
enterprise_linux
Version: 6.9
CPE: cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*
enterprise_linux_server
Version: 6.0
CPE: cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_desktop
Version: 6.0
CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
Version: 6.0
CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.securityfocus.com/bid/101516 (source: secalert@redhat.com; tags: Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039633 (source: secalert@redhat.com; tags: Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:2972 (source: secalert@redhat.com; tags: Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171 (source: secalert@redhat.com; tags: Issue Tracking, Vendor Advisory)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-284
Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: July 26, 2018
