Back to search
CVE-2019-0217
Published: Apr 8, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
| Vendor | Product | Versions |
|---|---|---|
Apache | Apache HTTP Server | affected 2.4.0 to 2.4.38 |
References
[httpd-dev] 20190402 re: svn commit: r33393 - /release/httpd/CHANGES_2.4
mailing-list
x_refsource_MLIST
[oss-security] 20190401 CVE-2019-0217: mod_auth_digest access control bypass
mailing-list
x_refsource_MLIST
107668
vdb-entry
x_refsource_BID
20190403 [SECURITY] [DSA 4422-1] apache2 security update
mailing-list
x_refsource_BUGTRAQ
[debian-lts-announce] 20190403 [SECURITY] [DLA 1748-1] apache2 security update
mailing-list
x_refsource_MLIST
USN-3937-1
vendor-advisory
x_refsource_UBUNTU
DSA-4422
vendor-advisory
x_refsource_DEBIAN
FEDORA-2019-119b14075a
vendor-advisory
x_refsource_FEDORA
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
EDORA-2019-cf7695b470
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1695020
x_refsource_MISC
USN-3937-2
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2019:1190
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1209
vendor-advisory
x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20190423-0001/
x_refsource_CONFIRM
openSUSE-SU-2019:1258
vendor-advisory
x_refsource_SUSE
FEDORA-2019-a4ed7400f4
vendor-advisory
x_refsource_FEDORA
RHSA-2019:2343
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3436
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3933
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3935
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3932
vendor-advisory
x_refsource_REDHAT
RHSA-2019:4126
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now