Vulnerability Details CVE-2017-12171
A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
References
- http://www.securityfocus.com/bid/101516
- http://www.securitytracker.com/id/1039633
- https://access.redhat.com/errata/RHSA-2017:2972
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171
- http://www.securityfocus.com/bid/101516
- http://www.securitytracker.com/id/1039633
- https://access.redhat.com/errata/RHSA-2017:2972
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171
Products affected by CVE-2017-12171
-
cpe:2.3:a:apache:http_server:2.2.15-60
-
cpe:2.3:o:redhat:enterprise_linux:6.9
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0