Vulnerability CVE-2019-0220


Published: 2019-06-11

Description:
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

Type:

CWE-399

(Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Opensuse -> LEAP 
Fedoraproject -> Fedora 
Debian -> Debian linux 
Canonical -> Ubuntu linux 
Apache -> Http server 

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
http://www.openwall.com/lists/oss-security/2019/04/02/6
http://www.securityfocus.com/bid/107670
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
https://seclists.org/bugtraq/2019/Apr/5
https://security.netapp.com/advisory/ntap-20190625-0007/
https://support.f5.com/csp/article/K44591505
https://usn.ubuntu.com/3937-1/
https://www.debian.org/security/2019/dsa-4422

Copyright 2020, cxsecurity.com

 

Back to Top