Description

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

Remediation

References

CVE-2017-12171

Related Vulnerabilities

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)

WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)

Zope Web Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-41050)

Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4285)

Severity

Medium

Classification

CVE-2017-12171 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities