SB2019040201 - Multiple vulnerabilities in Apache HTTP Server 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019040201

SB2019040201 - Multiple vulnerabilities in Apache HTTP Server

Published: April 2, 2019

Security Bulletin ID SB2019040201
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2019-0197)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the mod_http2 module when processing update requests from http/1.1 to http/2, if this was not the first request on a connection. A remote attacker can send specially crafted requests to the affected server and perform denial of service attack.

Successful exploitation of the vulnerability requires that HTTP/2 protocol is enabled for a "http:" host or H2Upgrade is enabled for h2 on a "https:" host.


2) Use-after-free (CVE-ID: CVE-2019-0196)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a use-after-free error within the mod_http2 module when processing HTTP/2 requests. A remote attacker can make the application to access freed memory during string comparison when determining the method of a request and process the request incorrectly.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information or perform a denial of service attack.


3) Privilege escalation (CVE-ID: CVE-2019-0211)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.

A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.


4) Race condition (CVE-ID: CVE-2019-0217)

The vulnerability allows a remote authenticated user to impersonate other users.

The vulnerability exists due to a race condition within the mod_auth_digests module. A remote authenticated attacker can send a series of requests and impersonate other users under a threaded MPM.

5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0215)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists within the mod_ssl module when processing access controls for per-location/per-dir client certificate verification in TLSv1.3. A remote authenticated attacker can gain access to restricted directories on the server.


6) Input validation error (CVE-ID: CVE-2019-0220)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the web server does not merge consecutive slashes in URLs, that can lead to incorrect processing of requests when accessing CGI programs. Such web server behavior may lead to security restrictions bypass.


Remediation

Install update from vendor's website.

References