| { |
| "data_type": "CVE", |
| "data_format": "MITRE", |
| "data_version": "4.0", |
| "generator": { |
| "engine": "xmltojsonmjc 1.0" |
| }, |
| "references": {}, |
| "timeline": [ |
| { |
| "time": "2017-02-06", |
| "lang": "eng", |
| "value": "reported" |
| }, |
| { |
| "time": "2017-06-19", |
| "lang": "eng", |
| "value": "public" |
| }, |
| { |
| "time": "2017-06-19", |
| "lang": "eng", |
| "value": "2.4.26 released" |
| }, |
| { |
| "time": "2017-07-11", |
| "lang": "eng", |
| "value": "2.2.34 released" |
| } |
| ], |
| "CNA_private": { |
| "owner": "httpd" |
| }, |
| "CVE_data_meta": { |
| "ASSIGNER": "security@apache.org", |
| "AKA": "", |
| "STATE": "PUBLIC", |
| "DATE_PUBLIC": "2017-06-19", |
| "ID": "CVE-2017-3167", |
| "TITLE": "ap_get_basic_auth_pw() Authentication Bypass" |
| }, |
| "source": { |
| "defect": [], |
| "advisory": "", |
| "discovery": "UNKNOWN" |
| }, |
| "problemtype": { |
| "problemtype_data": [ |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "ap_get_basic_auth_pw() Authentication Bypass" |
| } |
| ] |
| } |
| ] |
| }, |
| "credit": [ |
| { |
| "lang": "eng", |
| "value": "We would like to thank Emmanuel Dreyfus for reporting this issue." |
| } |
| ], |
| "description": { |
| "description_data": [ |
| { |
| "lang": "eng", |
| "value": "Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request." |
| } |
| ] |
| }, |
| "impact": [ |
| { |
| "other": "important" |
| } |
| ], |
| "affects": { |
| "vendor": { |
| "vendor_data": [ |
| { |
| "vendor_name": "Apache Software Foundation", |
| "product": { |
| "product_data": [ |
| { |
| "product_name": "Apache HTTP Server", |
| "version": { |
| "version_data": [ |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.25" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.23" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.20" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.18" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.17" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.16" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.12" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.10" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.9" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.7" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.6" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.4" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.3" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.2" |
| }, |
| { |
| "version_name": "2.4", |
| "version_affected": "=", |
| "version_value": "2.4.1" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.32" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.31" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.29" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.27" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.26" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.25" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.24" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.23" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.22" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.21" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.20" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.19" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.18" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.17" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.16" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.15" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.14" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.13" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.12" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.11" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.10" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.9" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.8" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.6" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.5" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.4" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.3" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.2" |
| }, |
| { |
| "version_name": "2.2", |
| "version_affected": "=", |
| "version_value": "2.2.0" |
| } |
| ] |
| } |
| } |
| ] |
| } |
| } |
| ] |
| } |
| } |
| } |