vulnerability

Oracle Linux: CVE-2019-0215: ELSA-2019-0980: httpd:2.4 security update (IMPORTANT) (Multiple Advisories)

Severity
7
CVSS
(AV:N/AC:H/Au:S/C:C/I:C/A:N)
Published
2019-04-01
Added
2024-07-22
Modified
2024-11-29

Description

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
A flaw was found in Apache HTTP Server 2.4 (releases 2.4.37 and 2.4.38). A bug in mod_ssl, when using per-location client certificate verification with TLSv1.3, allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. An attacker could perform various unauthorized actions after bypassing the restrictions. The highest threat from this vulnerability is to data confidentiality and integrity.

Solution(s)

oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-filesystemoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-http2oracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-mdoracle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.