Main Vulnerability Database SB2019040246

SB2019040246 - Input validation error in apache2 (Alpine package)

Published: April 2, 2019

Security Bulletin ID SB2019040246

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2019-0220)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the web server does not merge consecutive slashes in URLs, that can lead to incorrect processing of requests when accessing CGI programs. Such web server behavior may lead to security restrictions bypass.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=0342bb148db2b28dcced8a4c5b8e2840f3af9a44
https://git.alpinelinux.org/aports/commit/?id=9d23763439dabef4a81c7cc9c061b69048df9708
https://git.alpinelinux.org/aports/commit/?id=bbf41c02f848c8e5967bd857c6988274dc55f068
https://git.alpinelinux.org/aports/commit/?id=ef86fbabe1c2c14cf06d8c26c6141b650e92049d