Apache – CVE-2019-0217

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to the ‘mod_auth_digest access control bypass’ vulnerability.

CVE-2019-0217 is categorized as a ‘Concurrent Execution using Shared Resource with Improper Synchronization (aka “Race Condition”)’ vulnerability (CWE-362).
These vulnerabilities occur when the code requires that certain state should not be modified between two operations, but a timing window exists in which the state can be modified by an unauthorized actor or a process.

The version of Apache HTTP Server in use has a race condition in ‘mod_auth_digest’ when running in a threaded server.
This could allow a user with valid credentials to authenticate using a different username,
bypassing the configured access control restrictions.

It could lead to information being disclosed, assisting attackers in performing attacks against your assets.
There’s a chance that this vulnerability will allow attackers to modify system files and information.
Also, it may lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2019-0217, upgrade the version of Apache HTTP Server being used to 2.4.39.
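
The three conditions described above (a version below the fixed release, mod_auth_digest loaded, a threaded server) can be checked from the server's own `httpd -V` and `httpd -M` output. The script below is an added example, not part of the original advisory or of Apache's tooling; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the CVE-2019-0217 preconditions from httpd's own output.
FIXED="2.4.39"   # fix version taken from the recommendation above

# Constructed sample of `httpd -V` and `httpd -M` output (not from a real host).
SAMPLE_V='Server version: Apache/2.4.38 (Unix)
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)'

# Succeeds when dotted version $1 sorts strictly below $2.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# $1 = `httpd -V` text, $2 = `httpd -M` text. Prints a one-line verdict.
check_exposure() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p')
    [ -n "$ver" ] || { echo "unknown: no version line found"; return; }
    version_lt "$ver" "$FIXED" ||
        { echo "not affected: $ver is at or above $FIXED"; return; }
    printf '%s\n' "$2" | grep -q 'auth_digest_module' ||
        { echo "not exposed: mod_auth_digest is not loaded"; return; }
    # The race only exists in a threaded server (worker or event MPM).
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*threaded:[[:space:]]*yes' ||
        { echo "not exposed: MPM is not threaded"; return; }
    echo "exposed: $ver with mod_auth_digest on a threaded MPM"
}

check_exposure "$SAMPLE_V" "$SAMPLE_M"
```

On a live host, call it as `check_exposure "$(httpd -V)" "$(httpd -M)"` (the binary may be named `apachectl` or `apache2ctl` depending on the distribution). Distribution packages often backport fixes without changing the upstream version string, so confirm an "exposed" verdict against the vendor's advisory.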

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

https://cwe.mitre.org/data/definitions/362.html
