CVE-2017-3169 httpd: mod_ssl NULL pointer dereference

CVE ID

CVE-2017-3169

DESCRIPTION

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.

Unitrends risk assessment:  Medium, or None if current security update is applied

RESOLUTION

For CentOS6, Unitrends security update dated 11/06/2017 or later has httpd-2.2.15-60.el6.centos.6 and this issue was fixed in httpd-2.2.15-60.el6.centos.5 / httpd-2.2.15-60.el6_9.5
For CentOS5, the system should be migrated to CentOS6.
 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us