PT-2019-3930 · Apache+5 · Apache Http Server+5

Published 2019-04-01 · Updated 2021-06-06 · CVE-2019-0217

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.38 and prior

Description

A race condition in the mod_auth_digest component of the Apache HTTP Server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue is caused by synchronization errors when using a shared resource. Exploitation may allow a remote attacker to authenticate using a different username.

Recommendations

For Apache HTTP Server versions 2.4.38 and prior, consider disabling the mod_auth_digest module until a patch is available to prevent potential exploitation. Restrict access to sensitive areas of the server to minimize the risk of unauthorized access.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1580
BDU:2019-04408
CESA-2019_2343
CESA-2019_3436
CVE-2019-0217
DLA-1748-1
DSA-4422-1
OPENSUSE-SU-2019:1209-1
OPENSUSE-SU-2019_1190-1
OPENSUSE-SU-2019_1209-1
OPENSUSE-SU-2019_1258-1
RHSA-2019:2343
RHSA-2019:3436
RHSA-2019:3932
RHSA-2019:3933
RHSA-2019:4126
RHSA-2019_2343
RHSA-2019_3436
SUSE-SU-2019:0873-1
SUSE-SU-2019:0878-1
SUSE-SU-2019:0888-1
SUSE-SU-2019:0888-2
SUSE-SU-2019:0889-1
USN-3937-1
USN-3937-2

Affected Products

ALT Linux
Apache HTTP Server
CentOS
Red Hat
SUSE
Ubuntu