ID CVE-2019-0220
Summary A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server's processing will implicitly collapse them.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.4.0
    cpe:2.3:a:apache:http_server:2.4.0
  • Apache Software Foundation Apache HTTP Server 2.4.1
    cpe:2.3:a:apache:http_server:2.4.1
  • Apache Software Foundation Apache HTTP Server 2.4.2
    cpe:2.3:a:apache:http_server:2.4.2
  • Apache Software Foundation Apache HTTP Server 2.4.3
    cpe:2.3:a:apache:http_server:2.4.3
  • Apache Software Foundation Apache HTTP Server 2.4.4
    cpe:2.3:a:apache:http_server:2.4.4
  • Apache Software Foundation Apache HTTP Server 2.4.6
    cpe:2.3:a:apache:http_server:2.4.6
  • Apache Software Foundation Apache HTTP Server 2.4.7
    cpe:2.3:a:apache:http_server:2.4.7
  • Apache Software Foundation Apache HTTP Server 2.4.8
    cpe:2.3:a:apache:http_server:2.4.8
  • Apache Software Foundation Apache HTTP Server 2.4.9
    cpe:2.3:a:apache:http_server:2.4.9
  • Apache Software Foundation Apache HTTP Server 2.4.10
    cpe:2.3:a:apache:http_server:2.4.10
  • Apache Software Foundation Apache HTTP Server 2.4.12
    cpe:2.3:a:apache:http_server:2.4.12
  • Apache Software Foundation Apache HTTP Server 2.4.14
    cpe:2.3:a:apache:http_server:2.4.14
  • Apache Software Foundation Apache HTTP Server 2.4.16
    cpe:2.3:a:apache:http_server:2.4.16
  • Apache Software Foundation Apache HTTP Server 2.4.17
    cpe:2.3:a:apache:http_server:2.4.17
  • Apache Software Foundation Apache HTTP Server 2.4.18
    cpe:2.3:a:apache:http_server:2.4.18
  • Apache Software Foundation HTTP Server 2.4.19
    cpe:2.3:a:apache:http_server:2.4.19
  • Apache Software Foundation HTTP Server 2.4.20
    cpe:2.3:a:apache:http_server:2.4.20
  • Apache Software Foundation Apache HTTP Server 2.4.21
    cpe:2.3:a:apache:http_server:2.4.21
  • Apache Software Foundation Apache HTTP Server 2.4.22
    cpe:2.3:a:apache:http_server:2.4.22
  • Apache Software Foundation HTTP Server 2.4.23
    cpe:2.3:a:apache:http_server:2.4.23
  • Apache Software Foundation HTTP Server 2.4.24
    cpe:2.3:a:apache:http_server:2.4.24
  • Apache Software Foundation Apache HTTP Server 2.4.25
    cpe:2.3:a:apache:http_server:2.4.25
  • Apache Software Foundation Apache HTTP Server 2.4.26
    cpe:2.3:a:apache:http_server:2.4.26
  • Apache Software Foundation Apache HTTP Server 2.4.27
    cpe:2.3:a:apache:http_server:2.4.27
  • Apache Software Foundation Apache HTTP Server 2.4.28
    cpe:2.3:a:apache:http_server:2.4.28
  • Apache Software Foundation Apache HTTP Server 2.4.29
    cpe:2.3:a:apache:http_server:2.4.29
  • Apache Software Foundation HTTP Server 2.4.30
    cpe:2.3:a:apache:http_server:2.4.30
  • Apache Software Foundation Apache HTTP Server 2.4.32
    cpe:2.3:a:apache:http_server:2.4.32
  • Apache Software Foundation Apache HTTP Server 2.4.33
    cpe:2.3:a:apache:http_server:2.4.33
  • Apache Software Foundation HTTP Server 2.4.34
    cpe:2.3:a:apache:http_server:2.4.34
  • Apache Software Foundation HTTP Server 2.4.35
    cpe:2.3:a:apache:http_server:2.4.35
  • Apache Software Foundation HTTP Server 2.4.36
    cpe:2.3:a:apache:http_server:2.4.36
  • Apache Software Foundation HTTP Server 2.4.37
    cpe:2.3:a:apache:http_server:2.4.37
  • Apache Software Foundation HTTP Server 2.4.38
    cpe:2.3:a:apache:http_server:2.4.38
  • openSUSE Leap 15.0
    cpe:2.3:o:opensuse:leap:15.0
  • openSUSE Leap 42.3
    cpe:2.3:o:opensuse:leap:42.3
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Fedora 28
    cpe:2.3:o:fedoraproject:fedora:28
  • Fedora 29
    cpe:2.3:o:fedoraproject:fedora:29
  • Fedora 30
    cpe:2.3:o:fedoraproject:fedora:30
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
Last major update 11-06-2019 - 17:29
Published 11-06-2019 - 17:29
Last modified 12-06-2019 - 10:45