CVE-2017-3169

Public on 2017-06-20

Modified on 2017-09-14

Description

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.

Severity

Medium

See what this means

CVSS v3 Base Score

3.7

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	httpd	2017-09-13 22:50	ALAS-2017-892
Amazon Linux 1	httpd24	2017-08-03 18:53	ALAS-2017-863

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD	CVSSv2	7.5	AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD	CVSSv3	9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2017-3169 Mitre: CVE-2017-3169 FAQs regarding Amazon Linux ALAS/CVE Severity