[ANNOUNCE] Apache HTTP Server 2.4.26 Released

2017-06-19 Jim Jagielski
Apache HTTP Server 2.4.26 Released
June 19, 2017
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.26 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the

[SECURITY] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

2017-06-19 Jacob Champion
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may

[SECURITY] CVE-2017-3169: mod_ssl null pointer dereference

2017-06-19 Jacob Champion
CVE-2017-3169: mod_ssl null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description: mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an