Improper access control in Red Hat Enterprise Linux for x86_64 - CVE-2017-12171
Published: October 20, 2017
Vulnerability identifier: #VU8907
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12171
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for x86_64
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in Apache HTTPD on Red Hat Enterprise Linux due to improper parsing of comments in the "Allow" and "Deny" configuration lines. A remote attacker can bypass security restrictions and access an ostensibly restricted HTTP resource.
The weakness exists in Apache HTTPD on Red Hat Enterprise Linux due to improper parsing of comments in the "Allow" and "Deny" configuration lines. A remote attacker can bypass security restrictions and access an ostensibly restricted HTTP resource.
How to mitigate CVE-2017-12171
Install update from vendor's website.