{"id":"CVE-2017-3169","details":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","modified":"2026-05-18T11:10:08.822418Z","published":"2017-06-20T01:29:00.360Z","related":["SUSE-SU-2017:1714-1","SUSE-SU-2017:2449-1","SUSE-SU-2017:2756-1","SUSE-SU-2017:2907-1"],"references":[{"type":"WEB","url":"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169"},{"type":"WEB","url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae%40%3Cdev.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"},{"type":"WEB","url":"https://support.apple.com/HT208221"},{"type":"WEB","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2019-09"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3896"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99134"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038711"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-32"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180601-0002/"},{"type":"ADVISORY","url":"https://www.nomachine.com/SU08O00185"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/httpd","events":[{"introduced":"0"},{"last_affected":"cd3e5a83cd5765d12b3237631c829eaff80f8425"},{"last_affected":"1c7da70e72d96fa72244bd032d89769c1399b5f7"},{"last_affected":"43559342e30402bbca6ca84ab88a533f118bf444"},{"last_affected":"34ea1cee78449ff1081267cd2348a01099b04ac9"},{"last_affected":"810842a1dc70b67ac82fd53e09250b8bb7dbe27d"},{"last_affected":"777e5a254758046a13ebeaf09fa4af6467bf8910"},{"last_affected":"926546a5bb798796aec1135994c6c242529e1d94"},{"last_affected":"cad4926fd376fd483859ab4b1871b3e9473cae01"},{"last_affected":"f54aa3b08da564fb8e1664f770ce2c083b8a0c69"},{"last_affected":"87777f4289970214d3fcf2885dbf01188371b738"},{"last_affected":"ea2107f62fec7368c0d07294626d92921cffa794"},{"last_affected":"f6204293872d3345bea724149b9d9cc3878e61be"},{"last_affected":"79399902e001e6edac9a0314f2e2e6dc580640a0"},{"last_affected":"3614ebd12db5e555ac7f2975afa530116d204335"},{"last_affected":"a5fd1e3e9921e87e9c5526198e8bdc8db6b75061"},{"last_affected":"647bc6a13a11ae7772391170fd176ad8b8846b87"},{"last_affected":"803b3cbae02b4f7562bbcdf5f9d7fd82f4cf48cf"},{"last_affected":"886787685c97f9c392adca5ac29d3e8bd3aef7c5"},{"last_affected":"82b0da5c50d9e1c226b1eaa2e7780921be1386b3"},{"last_affected":"7b5870f6ce45d2a1baef173e8a634e6044434943"},{"last_affected":"cef6805cb18886c5454a38f3501c5e3c990c0b3d"},{"last_affected":"c684028456799362df0aa6adac45f3d0d5e4e3be"},{"last_affected":"79f35160c372de1e867542e1705962fb0880a647"},{"last_affected":"9b121e157581e2e40983cdf89727e8f424544f99"},{"last_affected":"60fa04727910859b5512f7bbb36c53c4652cff2c"},{"last_affected":"67578c0315accbca1bba22d695c59d51197c99cc"},{"last_affected":"015ab81d44c1f6def12fdbb7dc8d8241bf8e3ef5"},{"last_affected":"1287b680fbde78d9289029b6a6b63a3f9e58d704"},{"last_affected":"2d1deb10cfafe25ade7f30307e13b6d0c21a5473"},{"last_affected":"47a9d8e8abf5697b4580c3ee2ade302b5c058fa6"},{"last_affected":"b7ef32c4957883ab17105fa82e6331bf48bed78a"},{"last_affected":"6e65a7f3dadcade4274ae53f734d4c35188e3786"},{"last_affected":"ef07cb031c6f8f7ac483c26fc858aad68c365fd9"},{"last_affected":"954dfbe8a95dac3b93e12761f65754104f1696ea"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.2.0"},{"last_affected":"2.2.2"},{"last_affected":"2.2.3"},{"last_affected":"2.2.11"},{"last_affected":"2.2.12"},{"last_affected":"2.2.13"},{"last_affected":"2.2.14"},{"last_affected":"2.2.15"},{"last_affected":"2.2.16"},{"last_affected":"2.2.17"},{"last_affected":"2.2.18"},{"last_affected":"2.2.19"},{"last_affected":"2.2.20"},{"last_affected":"2.2.21"},{"last_affected":"2.2.22"},{"last_affected":"2.2.23"},{"last_affected":"2.2.24"},{"last_affected":"2.2.25"},{"last_affected":"2.2.26"},{"last_affected":"2.2.27"},{"last_affected":"2.2.29"},{"last_affected":"2.2.30"},{"last_affected":"2.2.31"},{"last_affected":"2.2.32"},{"last_affected":"2.4.1"},{"last_affected":"2.4.2"},{"last_affected":"2.4.10"},{"last_affected":"2.4.12"},{"last_affected":"2.4.16"},{"last_affected":"2.4.17"},{"last_affected":"2.4.18"},{"last_affected":"2.4.20"},{"last_affected":"2.4.23"},{"last_affected":"2.4.25"}],"cpe":["cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.30:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["2.2.32","2.2.25","2.4.25","2.4.23","2.4.20","2.4.18","2.4.17","2.2.31","2.2.30","2.4.16","2.4.12","2.2.29","2.4.10","2.2.27","2.2.26","2.2.24","2.2.23","2.4.2","2.4.1","2.2.22","2.2.21","2.2.20","2.2.19","2.2.18","2.2.17","2.2.16","2.2.15","2.2.14","2.2.13","2.2.12","2.2.11","2.2.3","2.2.2","2.2.0","2.1.10"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3169.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}