Vulnerability CVE-2019-0215: Information

Description

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: April 8, 2019
Modified: November 7, 2023

Fixed packages

| Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
|---|---|---|---|---|---|---|
| apache2 | sisyphus | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
| apache2 | p10 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
| apache2 | p9 | 2.4.39-alt1 | 2.4.58-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
| apache2 | p8 | 2.4.39-alt1 | 2.4.43-alt1 | ALT-PU-2019-1585-1 | 226418 | Fixed |
| apache2 | c10f1 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
| apache2 | c9f2 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |
| apache2 | p11 | 2.4.39-alt1 | 2.4.59-alt1 | ALT-PU-2019-1580-1 | 226417 | Fixed |

Links to advisories, solutions and tools

| Link | Resource |
|---|---|
| https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory |
| 107667 | Third Party Advisory, VDB Entry |
| [oss-security] 20190401 CVE-2019-0215: mod_ssl access control bypass | Mailing List, Mitigation, Third Party Advisory |
| https://support.f5.com/csp/article/K59440504 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20190423-0001/ | Third Party Advisory |
| RHSA-2019:0980 | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | |
| N/A | |
| https://www.oracle.com/security-alerts/cpujan2020.html | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | |
| [httpd-cvs] 20190402 svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t | |
| FEDORA-2019-cf7695b470 | |
| FEDORA-2019-119b14075a | |
| FEDORA-2019-a4ed7400f4 | |
| [httpd-dev] 20190804 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t | |
| [httpd-cvs] 20190806 svn commit: r1864463 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t | |
| [httpd-dev] 20190806 Re: svn commit: r1856807 - /httpd/test/framework/trunk/t/security/CVE-2019-0215.t | |
| [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |
| [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |
| [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |
| [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |
| [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | |
| [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ | |
| [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |
| [httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | |
| [httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ | |
| [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | |
| [httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | |
| [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | |

Configuration 1

cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*