VDB

RHSA-2017%3A2708

RHSA-2017%3A2708 PUBLISHED CVSS 3.700000047683716 LOW

It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

Risk Scores

CVSS 3.0
3.700000047683716
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red HatText-Only JBCS

Timeline

  • Sep 13, 2017 CVE Published
  • Apr 11, 2025 PoC Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›