CVE-2019-17567 - log back

CVE-2019-17567 edited at 09 Jun 2021 08:10:55
Description
- Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
+ In Apache HTTP Server versions 2.4.6 to 2.4.46, mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
CVE-2019-17567 edited at 09 Jun 2021 08:09:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
CVE-2019-17567 created at 09 Jun 2021 08:07:45
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes