CVE-2017-3167

CVE-2017-3167

Vendor Apache Software Foundation
Product Apache HTTP Server
Weakness CWE-287 · Improper authentication
Published June 20, 2017
Last update November 4, 2025

CVSS base score

What the vulnerability does

01Description

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.

Key dates

02Disclosure timeline

June 20, 2017 CVE published
November 4, 2025 Record updated