Apache – CVE-2019-0220

Description

Kayran has detected that the version of Apache HTTP Server being used has a ‘URL normalization inconsistency’ vulnerability.
CVE-2019-0220 is categorized as a ‘Use of Incorrectly-Resolved Name or Reference’ vulnerability (CWE-706).

These vulnerabilities occur when software uses a name or reference to access a resource, but the name or reference actually resolves to a resource located outside of the intended control sphere.

An attacker could abuse this by crafting a request URL whose ‘path’ component contains multiple consecutive slashes (‘/’).
In this case, directives such as ‘LocationMatch’ and ‘RewriteRule’ must account for duplicates in their regular expressions, while other aspects of the server’s processing implicitly collapse them. A pattern written for a single slash can therefore fail to match a path that the rest of the server treats as equivalent.

This could lead to information being disclosed, assisting attackers in performing attacks against your assets.
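
The mismatch described above can be checked for in access logs. The following is an added example, not code from Kayran or the Apache project: it flags requests whose raw path misses a path regex although the slash-collapsed path matches it. The log lines are constructed, and the pattern ^/admin/status and all function names are assumptions chosen for illustration.

```python
import re

# Constructed access-log lines (Common Log Format); addresses are documentation IPs.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Apr/2019:10:00:00 +0000] "GET /admin/status HTTP/1.1" 403 199
192.0.2.10 - - [01/Apr/2019:10:00:05 +0000] "GET //admin/status HTTP/1.1" 200 512
192.0.2.11 - - [01/Apr/2019:10:01:00 +0000] "GET /static//css/site.css HTTP/1.1" 200 1024
192.0.2.12 - - [01/Apr/2019:10:02:00 +0000] "GET /admin//status?x=1 HTTP/1.1" 200 512
""".splitlines()

# Hypothetical pattern an administrator might use in a LocationMatch block.
NAIVE = re.compile(r"^/admin/status")
# The same rule written to account for duplicate slashes.
TOLERANT = re.compile(r"^/+admin/+status")

# Pulls the request target and status code out of a log line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})')


def collapse_slashes(path):
    """Collapse runs of '/' the way later request processing implicitly does."""
    return re.sub(r"/{2,}", "/", path)


def find_mismatches(lines, pattern):
    """Return (raw_path, status) for requests whose raw path misses `pattern`
    although the collapsed path matches it."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        # Split by hand: urllib would parse a leading '//' as a network location.
        raw = m.group("target").split("?", 1)[0]
        if not pattern.search(raw) and pattern.search(collapse_slashes(raw)):
            hits.append((raw, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for raw, status in find_mismatches(SAMPLE_LOG, NAIVE):
        print(f"{status} {raw}")
```

Running the same check with TOLERANT returns no mismatches, because that pattern already matches the uncollapsed paths.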

Recommendation

To fix CVE-2019-0220, upgrade the version of Apache HTTP Server being used to 2.4.39.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0220

https://cwe.mitre.org/data/definitions/706.html
