CVE-2019-0217

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-0217
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0217.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-0217
Downstream
Related
Published
2019-04-08T21:29:00.843Z
Modified
2026-05-18T05:50:31.988383547Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "last_affected": "12.04"
                },
                {
                    "last_affected": "14.04"
                },
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                },
                {
                    "last_affected": "18.10"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "28"
                },
                {
                    "last_affected": "29"
                },
                {
                    "last_affected": "30"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "fedoraproject:fedora",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "42.3"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "opensuse:leap",
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.3.3"
                },
                {
                    "last_affected": "12.4.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:enterprise_manager_ops_center",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:http_server",
            "cpes": [
                "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "cpes": [
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "vendor_product": "oracle:retail_xstore_point_of_service",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "7.1"
                }
            ]
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_desktop",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_server",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:enterprise_linux_workstation",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
da5873e80d6eee7a0838793bf68f1d0254745fbb
Last affected
3090a40b568b675c6b09a4f008b421a747e2731c
Database specific 
{
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.38"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0217.json"