CVE-2019-0220
Description
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes (/), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
20.573
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache httpd to version 2.4.39 | Windows |
| Vulnerabilities CVE-2019-0217,CVE-2019-0220 are fixed in Apache 2.4.39 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-debugsource-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-devel-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-filesystem-2.4.37-16.module+el8.1.0+4134+e6bad0ed.noarch.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-manual-2.4.37-16.module+el8.1.0+4134+e6bad0ed.noarch.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update httpd-tools-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_http2-1.11.3-3.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_http2-debugsource-1.11.3-3.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_ldap-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_md-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_proxy_html-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_session-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| (RHSA-2019:3436) httpd:2.4 security and bug fix update mod_ssl-2.4.37-16.module+el8.1.0+4134+e6bad0ed.x86_64.rpm | Linux |
| Update Apache httpd to version 2.4.39 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234