Main Vulnerability Database Exploits ID:2288 - Exploit for NULL pointer dereference in Apache HTTP Server - CVE-2017-3169

ID:2288 - Exploit for NULL pointer dereference in Apache HTTP Server - CVE-2017-3169

Published: April 7, 2020

Vulnerability identifier: #VU7116

Vulnerability risk: Medium

CVE-ID: CVE-2017-3169

CWE-ID: CWE-592

Exploitation vector: Remote access

Vulnerable software:
Apache HTTP Server

Link to public exploit:

https://github.com/gottburgm/Exploits

Vulnerability description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.

Remediation

Update Apache HTTP server to version 2.2.34 or 2.4.26.

ID:2288 - Exploit for NULL pointer dereference in Apache HTTP Server - CVE-2017-3169

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human