PT-2019-3930 · Apache+5 · Apache Http Server+5

Published: 2019-04-01 · Updated: 2021-06-06 · CVE-2019-0217

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.38 and prior

Description

A race condition in the mod_auth_digest component of the Apache HTTP Server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. This issue is caused by synchronization errors when using a shared resource. The exploitation of this issue may allow a remote attacker to authenticate using a different username.

Recommendations

For Apache HTTP Server versions 2.4.38 and prior, consider disabling the mod_auth_digest module until a patch is available to prevent potential exploitation. Restrict access to sensitive areas of the server to minimize the risk of unauthorized access.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1580
BDU:2019-04408
CESA-2019_2343
CESA-2019_3436
CVE-2019-0217
DLA-1748-1
DSA-4422-1
OPENSUSE-SU-2019:1209-1
OPENSUSE-SU-2019_1190-1
OPENSUSE-SU-2019_1209-1
OPENSUSE-SU-2019_1258-1
RHSA-2019:2343
RHSA-2019:3436
RHSA-2019:3932
RHSA-2019:3933
RHSA-2019:4126
RHSA-2019_2343
RHSA-2019_3436
SUSE-SU-2019:0873-1
SUSE-SU-2019:0878-1
SUSE-SU-2019:0888-1
SUSE-SU-2019:0888-2
SUSE-SU-2019:0889-1
USN-3937-1
USN-3937-2

Affected Products

Alt Linux
Apache Http Server
Centos
Red Hat
Suse
Ubuntu