Description
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server's processing will implicitly collapse them.
Statement
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Mitigation
This flaw can be mitigated by replacing multiple consecutive slashes, used in directives that match against the path component of the request URL with regular expressions.
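The check below is an added example, not code from Red Hat or the Apache project: it finds LocationMatch and RewriteRule patterns whose literal slashes match only a single `/` and rewrites them to `/+` so that duplicated slashes are accounted for. Python's `re` stands in for httpd's regex engine, and the configuration fragment, paths and function names are constructed for illustration.

```python
import re

QUANTIFIERS = "+*?{"

def harden_slashes(pattern):
    """Append '+' to each unquantified literal slash outside a character class.
    Slashes that already carry a quantifier are left for manual review."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            tok = pattern[i:i + 2]          # escaped pair, e.g. "\/" or "\["
        else:
            tok = pattern[i]
            if tok == "[" and not in_class:
                in_class = True
            elif tok == "]" and in_class:
                in_class = False
        i += len(tok)
        out.append(tok)
        quantified = i < len(pattern) and pattern[i] in QUANTIFIERS
        if tok in ("/", "\\/") and not in_class and not quantified:
            out.append("+")
    return "".join(out)

def matches(pattern, path):
    # These directives search the path; anchoring comes only from ^ or $.
    return re.search(pattern, path) is not None

# Assumption: patterns contain no spaces and are optionally double-quoted.
DIRECTIVE = re.compile(r'^\s*(?:<LocationMatch|RewriteRule)\s+"?([^"\s>]+)', re.I | re.M)

def audit(conf):
    """Return (pattern, hardened) for each directive whose pattern needs changing."""
    return [(p, harden_slashes(p)) for p in DIRECTIVE.findall(conf)
            if harden_slashes(p) != p]

# Constructed configuration fragment (not taken from the advisory).
CONF = '''\
<LocationMatch "^/admin/config">
    Require ip 192.0.2.0/24
</LocationMatch>
RewriteRule "^/private/(.*)$" "-" [F]
<LocationMatch "^/+status/+">
    Require local
</LocationMatch>
'''

if __name__ == "__main__":
    for pat, fixed in audit(CONF):
        for path in ("/admin/config", "//admin/config"):
            print(pat, fixed, path, matches(pat, path), matches(fixed, path))
```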
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Out of support scope |  |  |
| Red Hat Enterprise Linux 6 | httpd | Out of support scope |  |  |
| Red Hat JBoss Enterprise Web Server 2 | httpd | Out of support scope |  |  |
| Red Hat Virtualization 4 | rhvm-appliance | Not affected |  |  |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr-util | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-brotli | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-curl | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-httpd | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-jansson | Fixed | RHSA-2020:0250 | 27.01.2020 |
Additional information
Status:
EPSS
3.3 Low
CVSS3
Related vulnerabilities
A vulnerability in the RewriteRule module of the Apache web server, related to the use of a name with an incorrect reference, allowing an attacker to gain access to confidential data