CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description:
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may
CVE-2017-3169: mod_ssl null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description:
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an