Apache – CVE-2019-0217

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to the ‘mod_auth_digest access control bypass’ vulnerability.

CVE-2019-0217 is categorized as a ‘Concurrent Execution using Shared Resource with Improper Synchronization (aka “Race Condition”)’ vulnerability (CWE-362).
These vulnerabilities occur when code requires that certain state not be modified between two operations, but a timing window exists in which an unauthorized actor or process can modify that state.

The version of Apache HTTP Server in use has a race condition in ‘mod_auth_digest’ when running in a threaded server.
This could allow users with valid credentials to authenticate using different usernames, bypassing the configured access control restrictions.

This could lead to information disclosure, which assists attackers in performing attacks against your assets.
There is a chance that this vulnerability will allow attackers to modify system files and information.
It may also degrade performance and interrupt the availability of resources.

Recommendation

To fix CVE-2019-0217, upgrade the version of Apache HTTP Server being used to 2.4.39.
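
The following check is an added example, not Kayran's or the Apache project's code. It tests the three conditions from the description (a version below 2.4.39, a threaded server, and mod_auth_digest loaded) against the text printed by `httpd -V` and `httpd -M` (`apachectl` or `apache2ctl` on some distributions). The sample outputs are constructed, and treating every version below the fixed release as affected is an assumption taken from the recommendation above.

```python
import re

FIXED = (2, 4, 39)  # fixed release named in the recommendation (assumed cut-off)

# Constructed sample output of `httpd -V` and `httpd -M` for illustration.
SAMPLE_V = """Server version: Apache/2.4.38 (Unix)
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
"""
SAMPLE_M = """Loaded Modules:
 core_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
"""

def parse_version(v_output):
    """Return (major, minor, patch) from the 'Server version:' line of `httpd -V`."""
    m = re.search(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)", v_output)
    if not m:
        raise ValueError("no 'Server version: Apache/x.y.z' line found")
    return tuple(int(part) for part in m.groups())

def is_threaded(v_output):
    """True when `httpd -V` reports 'threaded: yes' for the active MPM."""
    m = re.search(r"^\s*threaded:\s*(yes|no)", v_output, re.MULTILINE)
    return bool(m) and m.group(1) == "yes"

def digest_loaded(m_output):
    """True when auth_digest_module is listed in `httpd -M` output."""
    return re.search(r"^\s*auth_digest_module\b", m_output, re.MULTILINE) is not None

def assess(v_output, m_output):
    """Report each precondition; 'exposed' is True only when all three hold."""
    # Tuple comparison is numeric, so 2.4.9 sorts below 2.4.39 (a string compare would not).
    findings = {
        "version_below_fix": parse_version(v_output) < FIXED,
        "threaded_mpm": is_threaded(v_output),
        "mod_auth_digest_loaded": digest_loaded(m_output),
    }
    findings["exposed"] = all(findings.values())
    return findings

if __name__ == "__main__":
    for name, value in assess(SAMPLE_V, SAMPLE_M).items():
        print(f"{name}: {value}")
```

Distribution packages can carry a backported fix without changing the version string, so a positive result should be confirmed against the vendor's advisory for the installed package.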

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

https://cwe.mitre.org/data/definitions/362.html
