Description

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

Remediation

References

CVE-2017-12171

Related Vulnerabilities

WordPress Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2016-10033)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-36095)

WordPress Plugin CiviCRM Security Bypass (5.35.1)

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-42428)

WordPress Plugin Zingiri Web Shop Cross-Site Scripting (2.4.2)

Severity

Medium

Classification

CVE-2017-12171 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities