SB2019041120 - Red Hat Software Collections update for httpd24-httpd and httpd24-mod_auth_mellon
Published: April 11, 2019 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2019-0211)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.
A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.
2) Improper Authentication (CVE-ID: CVE-2019-3878)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing certain headers. A remote attacker can add special HTTP headers that are normally used to start the special SAML ECP, bypass authentication process and gain unauthorized access to the application.
Successful exploitation of the vulnerability requires that Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users.
Remediation
Install update from vendor's website.