VDB
RHSA-2017%3A2708
RHSA-2017%3A2708
PUBLISHED
CVSS 3.700000047683716 LOW
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.
Risk Scores
CVSS 3.0
3.700000047683716
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Text-Only JBCS |
Timeline
- Sep 13, 2017 CVE Published
- Apr 11, 2025 PoC Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2017:2708 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.23 advisory
- https://access.redhat.com/documentation/en/red-hat-jboss-core-services/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1243888 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1369383 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1470748 issue
- https://issues.redhat.com/browse/JBCS-329 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2708.json advisory
- https://access.redhat.com/security/cve/CVE-2015-3185 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-3185 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-3185 advisory
- http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16 advisory
- https://access.redhat.com/security/cve/CVE-2016-2183 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2183 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-2183 advisory
- https://access.redhat.com/articles/2548661 advisory
- https://access.redhat.com/errata/RHSA-2016:1940 advisory
- https://sweet32.info/ advisory
- https://access.redhat.com/security/cve/CVE-2017-9788 advisory
…and 4 more