Apache – CVE-2019-0217

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to the ‘mod_auth_digest access control bypass’ vulnerability.

CVE-2019-0217 is categorized as a ‘Concurrent Execution using Shared Resource with Improper Synchronization (aka “Race Condition”)’ vulnerability (CWE-362).
These vulnerabilities occur when the code requires that certain state not be modified between two operations, but a timing window exists in which that state can be modified by an unauthorized actor or process.

The version of Apache HTTP Server being used has a race condition in ‘mod_auth_digest’ when running in a threaded server.
This could allow a user with valid credentials to authenticate using a different username, bypassing the configured access control restrictions.

It could lead to information being disclosed, assisting attackers in performing attacks against your assets.
There’s a chance that this vulnerability will allow attackers to modify system files and information.
Also, it may lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2019-0217, upgrade the version of Apache HTTP Server being used to 2.4.39.
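
The conditions described above (a release older than 2.4.39, ‘mod_auth_digest’ loaded, a threaded server) can be checked from the output of `apachectl -V` and `apachectl -M`. The script below is an added example, not part of Kayran's scanner; the function names and sample output are constructed for illustration, and it assumes every release below 2.4.39 is unfixed, so distribution backports are not detected.

```shell
#!/bin/sh
# Added example: triage for CVE-2019-0217 from `apachectl -V` and `apachectl -M` output.
# Assumption: any release below 2.4.39 counts as unfixed (distro backports are not detected).

# Constructed sample output, not taken from a real host.
SAMPLE_V='Server version: Apache/2.4.38 (Unix)
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)'

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# cve_2019_0217_status V_OUTPUT M_OUTPUT
# Prints one of: unknown | fixed | preconditions-absent | exposed
cve_2019_0217_status() {
    ver=$(printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    version_lt "$ver" 2.4.39 || { echo fixed; return 0; }
    # The race needs mod_auth_digest to be loaded ...
    printf '%s\n' "$2" | grep -q 'auth_digest_module' ||
        { echo preconditions-absent; return 0; }
    # ... and a threaded MPM (worker and event report "threaded: yes").
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*threaded:[[:space:]]*yes' ||
        { echo preconditions-absent; return 0; }
    echo exposed
}

# On a live host: cve_2019_0217_status "$(apachectl -V)" "$(apachectl -M)"
cve_2019_0217_status "$SAMPLE_V" "$SAMPLE_M"
```

A `preconditions-absent` result means the race described above cannot be reached with the current modules and MPM; the server is still running an unfixed release, so the upgrade remains the fix.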

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

https://cwe.mitre.org/data/definitions/362.html
