Vulnerability CVE-2019-0220: Information
Description
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
apache2 | sisyphus | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
apache2 | p10 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
apache2 | p9 | 2.4.39-alt1 | 2.4.58-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
apache2 | p8 | 2.4.39-alt1 | 2.4.43-alt1 | ALT-PU-2019-1585-1 | 226418 | Fixed |
apache2 | c10f1 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
apache2 | c9f2 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
apache2 | p11 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |