Wikis - Page

(OO) Support Tip: Is OO Vulnerable to CVE-2017-3167?

0 Likes

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.

OO does not use Apache httpd Webserver. It uses Apache Tomcat Webserver instead. OO is not vulnerable to this CVE.

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended