CVE ID
CVE-2017-3167
DESCRIPTION
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.
Unitrends risk assessment: Medium, or None if current security update is applied
RESOLUTION
For CentOS6, Unitrends security update dated 11/06/2017 or later has httpd-2.2.15-60.el6.centos.6 and this issue was fixed in httpd-2.2.15-60.el6.centos.5 / httpd-2.2.15-60.el6_9.5
For CentOS5, the system should be migrated to CentOS6.