CVE-2019-0220
CVE-2019-0220
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Productos afectados
Apache Software Foundation · Apache HTTP Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.htmlhttps://access.redhat.com/errata/RHSA-2019:2343https://access.redhat.com/errata/RHSA-2019:3436https://access.redhat.com/errata/RHSA-2019:4126https://access.redhat.com/errata/RHSA-2020:0250https://access.redhat.com/errata/RHSA-2020:0251https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E