#VU8907 Improper access control in Red Hat Enterprise Linux for x86_64 - CVE-2017-12171
Published: October 20, 2017
Vulnerability identifier: #VU8907
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12171
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Red Hat Enterprise Linux for x86_64
Red Hat Enterprise Linux for x86_64
Software vendor:
Red Hat Inc.
Red Hat Inc.
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in Apache HTTPD on Red Hat Enterprise Linux due to improper parsing of comments in the "Allow" and "Deny" configuration lines. A remote attacker can bypass security restrictions and access an ostensibly restricted HTTP resource.
The weakness exists in Apache HTTPD on Red Hat Enterprise Linux due to improper parsing of comments in the "Allow" and "Deny" configuration lines. A remote attacker can bypass security restrictions and access an ostensibly restricted HTTP resource.
Remediation
Install update from vendor's website.