First published: Tue Jun 20 2017(Updated: )
apache. Multiple issues were addressed by updating to version 2.4.27.
Credit: CVE-2016-0736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789 security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =2.2.0 | |
Apache HTTP server | =2.2.2 | |
Apache HTTP server | =2.2.3 | |
Apache HTTP server | =2.2.11 | |
Apache HTTP server | =2.2.12 | |
Apache HTTP server | =2.2.13 | |
Apache HTTP server | =2.2.14 | |
Apache HTTP server | =2.2.15 | |
Apache HTTP server | =2.2.16 | |
Apache HTTP server | =2.2.17 | |
Apache HTTP server | =2.2.18 | |
Apache HTTP server | =2.2.19 | |
Apache HTTP server | =2.2.20 | |
Apache HTTP server | =2.2.21 | |
Apache HTTP server | =2.2.22 | |
Apache HTTP server | =2.2.23 | |
Apache HTTP server | =2.2.24 | |
Apache HTTP server | =2.2.25 | |
Apache HTTP server | =2.2.26 | |
Apache HTTP server | =2.2.27 | |
Apache HTTP server | =2.2.29 | |
Apache HTTP server | =2.2.30 | |
Apache HTTP server | =2.2.31 | |
Apache HTTP server | =2.2.32 | |
Apache HTTP server | =2.4.1 | |
Apache HTTP server | =2.4.2 | |
Apache HTTP server | =2.4.10 | |
Apache HTTP server | =2.4.12 | |
Apache HTTP server | =2.4.16 | |
Apache HTTP server | =2.4.17 | |
Apache HTTP server | =2.4.18 | |
Apache HTTP server | =2.4.20 | |
Apache HTTP server | =2.4.23 | |
Apache HTTP server | =2.4.25 | |
redhat/httpd | <2.2.34 | 2.2.34 |
redhat/httpd | <2.4.26 | 2.4.26 |
Apple macOS High Sierra | <10.13.1 | 10.13.1 |
Apple Sierra | ||
Apple El Capitan |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2017-3169 is a vulnerability in Apache httpd that allows a NULL pointer dereference.
The severity of CVE-2017-3169 is critical with a CVSS score of 9.8.
CVE-2017-3169 affects Apache httpd versions 2.2.x before 2.2.33 and 2.4.x before 2.4.26, allowing a NULL pointer dereference when certain modules are called.
To fix CVE-2017-3169, update your Apache httpd server to version 2.2.34 or 2.4.26, depending on the version you are running.
You can find more information about CVE-2017-3169 on the Apache httpd website and the official CVE entry.