English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704422
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-4422-1)
Summary:The remote host is missing an update for the Debian 'apache2' package(s) announced via the DSA-4422-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'apache2' package(s) announced via the DSA-4422-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been found in the Apache HTTP server.

CVE-2018-17189

Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service.

CVE-2018-17199

Diego Angulo from ImExHS discovered that mod_session_cookie does not respect expiry time.

CVE-2019-0196

Craig Young discovered that the http/2 request handling in mod_http2 could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

CVE-2019-0211

Charles Fol discovered a privilege escalation from the less-privileged child process to the parent process running as root.

CVE-2019-0217

A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was discovered by Simon Kappel.

CVE-2019-0220

Bernhard Lorenz of Alpha Strike Labs GmbH reported that URL normalizations were inconsistently handled. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

For the stable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u7.

This update also contains bug fixes that were scheduled for inclusion in the next stable point release. This includes a fix for a regression caused by a security fix in version 2.4.25-3+deb9u6.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: [link moved to references]

Affected Software/OS:
'apache2' package(s) on Debian 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-17189
BugTraq ID: 106685
http://www.securityfocus.com/bid/106685
Bugtraq: 20190403 [SECURITY] [DSA 4422-1] apache2 security update (Google Search)
https://seclists.org/bugtraq/2019/Apr/5
Debian Security Information: DSA-4422 (Google Search)
https://www.debian.org/security/2019/dsa-4422
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/
https://security.gentoo.org/glsa/201903-21
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
RedHat Security Advisories: RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3932
RedHat Security Advisories: RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3933
RedHat Security Advisories: RHSA-2019:3935
https://access.redhat.com/errata/RHSA-2019:3935
RedHat Security Advisories: RHSA-2019:4126
https://access.redhat.com/errata/RHSA-2019:4126
https://usn.ubuntu.com/3937-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-17199
BugTraq ID: 106742
http://www.securityfocus.com/bid/106742
https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2019-0196
BugTraq ID: 107669
http://www.securityfocus.com/bid/107669
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
http://www.apache.org/dist/httpd/CHANGES_2.4.39
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/02/1
SuSE Security Announcement: openSUSE-SU-2019:1190 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
SuSE Security Announcement: openSUSE-SU-2019:1209 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
SuSE Security Announcement: openSUSE-SU-2019:1258 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-0211
BugTraq ID: 107666
http://www.securityfocus.com/bid/107666
Bugtraq: 20190407 [slackware-security] httpd (SSA:2019-096-01) (Google Search)
https://seclists.org/bugtraq/2019/Apr/16
https://www.exploit-db.com/exploits/46676/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
https://security.gentoo.org/glsa/201904-20
http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html
http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html
http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/02/3
http://www.openwall.com/lists/oss-security/2019/07/26/7
RedHat Security Advisories: RHBA-2019:0959
https://access.redhat.com/errata/RHBA-2019:0959
RedHat Security Advisories: RHSA-2019:0746
https://access.redhat.com/errata/RHSA-2019:0746
RedHat Security Advisories: RHSA-2019:0980
https://access.redhat.com/errata/RHSA-2019:0980
RedHat Security Advisories: RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:1543
Common Vulnerability Exposure (CVE) ID: CVE-2019-0217
BugTraq ID: 107668
http://www.securityfocus.com/bid/107668
https://bugzilla.redhat.com/show_bug.cgi?id=1695020
https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html
https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/02/5
RedHat Security Advisories: RHSA-2019:2343
https://access.redhat.com/errata/RHSA-2019:2343
RedHat Security Advisories: RHSA-2019:3436
https://access.redhat.com/errata/RHSA-2019:3436
https://usn.ubuntu.com/3937-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-0220
BugTraq ID: 107670
http://www.securityfocus.com/bid/107670
https://security.netapp.com/advisory/ntap-20190625-0007/
https://support.f5.com/csp/article/K44591505
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/02/6
RedHat Security Advisories: RHSA-2020:0250
https://access.redhat.com/errata/RHSA-2020:0250
RedHat Security Advisories: RHSA-2020:0251
https://access.redhat.com/errata/RHSA-2020:0251
CopyrightCopyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.