CVE-2019-17567

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-17567

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17567.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-17567

Related

Published

2021-06-10T07:15:07Z

Modified

2024-09-11T02:00:06Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

References

Affected packages

Debian:11 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.48-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.48-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.48-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

7650f0ca88028593a7c5fbba2e20bca4a65b031d

Last affected

8064ccc50bffe86ad464246b9bfac7d78d7dbc1f