AVG-946

Package: apache
Status: Fixed
Severity: Critical
Type: multiple issues
Affected: 2.4.38-1
Fixed: 2.4.39-1
Current: 2.4.39-1 [extra]
Ticket: None
Created: Tue Apr 2 08:51:08 2019

Issue | Severity | Remote | Type | Description
CVE-2019-0220 | Low | Yes | Access restriction bypass | A security issue has been found in Apache HTTPd 2.4.x before 2.4.39. When the path component of a request URL contains multiple consecutive slashes ('/'),...
CVE-2019-0217 | High | Yes | Access restriction bypass | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid...
CVE-2019-0215 | High | Yes | Access restriction bypass | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client...
CVE-2019-0211 | Critical | Yes | Privilege escalation | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads...
CVE-2019-0197 | Medium | Yes | Denial of service | An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host,...
CVE-2019-0196 | Medium | Yes | Denial of service | A use-after-free issue has been found in the http/2 request handling code of Apache HTTPd <= 2.4.18 and <= 2.4.38. Using crafted network input, the http/2...

Date | Advisory | Package | Description
05 Apr 2019 | ASA-201904-3 | apache | multiple issues

References
https://httpd.apache.org/security/vulnerabilities_24.html