Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-0220

Published: 2 April 2019

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

Priority

Low

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
bionic
Released (2.4.29-1ubuntu4.6)
cosmic
Released (2.4.34-1ubuntu2.1)
disco
Released (2.4.38-2ubuntu2)
eoan
Released (2.4.38-2ubuntu2)
focal
Released (2.4.38-2ubuntu2)
groovy
Released (2.4.38-2ubuntu2)
hirsute
Released (2.4.38-2ubuntu2)
trusty
Released (2.4.7-1ubuntu4.22)
upstream Needs triage

xenial
Released (2.4.18-2ubuntu3.10)
Patches:
upstream: https://github.com/apache/httpd/commit/9bc1917a27a2323e535aadb081e38172ae0e3fc2
upstream: https://github.com/apache/httpd/commit/c4ef468b25718a26f2b92cbea3ca093729b79331
upstream: https://github.com/apache/httpd/commit/a428b2ce4a2a1250e0eab66edc283f58ea643602
upstream: https://github.com/apache/httpd/commit/3451fc2bf8708b0dc8cd6a7d0ac0fe5b6401befc

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N