Description
Cytrix has detected that the version of Apache HTTP Server in use is vulnerable to the ‘mod_auth_digest access control bypass’ vulnerability (CVE-2019-0217).
CVE-2019-0217 is categorized as a ‘Concurrent Execution using Shared Resource with Improper Synchronization (aka “Race Condition”)’ vulnerability (CWE-362).
These vulnerabilities occur when the code requires that certain state should not be modified between two operations, but a timing window exists in which the state can be modified by an unauthorized actor or a process.
The version of Apache HTTP Server in use has a race condition in ‘mod_auth_digest’ that is reachable when httpd runs under a threaded MPM (worker or event); the upstream advisory scopes the issue to threaded servers, so deployments on the single-threaded prefork MPM are not affected.
Within the race window, a client holding valid credentials for one account can be authenticated as a different user than the one whose password was actually verified.
Per-user and per-group restrictions on the digest-protected location (‘Require user’, ‘Require group’) are therefore unreliable, because the identity the authorization layer acts on need not be the one that was proven: the configured access control can be bypassed by anyone who already holds some valid digest credentials.
The direct impact is an access-control bypass. Whether that amounts to disclosure of information meant to be withheld from that user, modification of files or data, or disruption of service depends entirely on what the protected location exposes, for example read-only content, a WebDAV or administrative interface, or resource-intensive endpoints.
Recommendation
To fix CVE-2019-0217, upgrade Apache HTTP Server to 2.4.39 or later; the affected range is 2.4.0 through 2.4.38. Distribution packages (Debian, Ubuntu, RHEL and others) frequently backport the fix while keeping the upstream version string, so confirm the fix via the package changelog or vendor advisory rather than the version number alone. If an immediate upgrade is not possible, note that the race only manifests under a threaded MPM, so running the affected server on the prefork MPM removes the exposure as an interim measure, at a cost in scalability; in the meantime, treat per-user ‘Require’ rules on digest-protected locations as untrustworthy.
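The bypass needs three things at once: an httpd in the affected range, a threaded MPM, and mod_auth_digest actually loaded. The following triage script, added here as an illustration and not part of the Cytrix scanner or the Apache project, reads the text of `httpd -V` (version and MPM) and `httpd -M` (loaded modules) and reports whether all three conditions hold. The sample outputs inside it are constructed, not captured from a real host, and the version test alone will flag distribution builds that backported the fix under the old version string, so treat a “VULNERABLE” result as a prompt to check the package changelog rather than as proof.

```python
"""
Triage helper for CVE-2019-0217 (race condition in mod_auth_digest).

Exposure requires all of:
  * Apache httpd in the affected range 2.4.0 .. 2.4.38
  * a threaded MPM (worker, event, or winnt); prefork is not affected
  * mod_auth_digest loaded (shown as auth_digest_module by `httpd -M`)

Input is the text printed by `httpd -V` and `httpd -M`. All sample
output in this file is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Tuple

FIRST_AFFECTED = (2, 4, 0)
FIXED_IN = (2, 4, 39)
THREADED_MPMS = {"worker", "event", "winnt"}


@dataclass(frozen=True)
class Exposure:
    version: Tuple[int, int, int]
    mpm: str
    auth_digest_loaded: bool

    @property
    def version_affected(self) -> bool:
        """True for upstream version strings 2.4.0 through 2.4.38.
        Distro backports may be fixed yet still report such a version."""
        return FIRST_AFFECTED <= self.version < FIXED_IN

    @property
    def vulnerable(self) -> bool:
        return (self.version_affected
                and self.mpm in THREADED_MPMS
                and self.auth_digest_loaded)


def parse_version(httpd_v: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from the 'Server version:' line of `httpd -V`."""
    m = re.search(r"^Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)", httpd_v, re.MULTILINE)
    if not m:
        raise ValueError("no 'Server version: Apache/x.y.z' line found")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def parse_mpm(httpd_v: str) -> str:
    """Return the MPM name from the 'Server MPM:' line, lower-cased."""
    m = re.search(r"^Server MPM:\s*(\S+)", httpd_v, re.MULTILINE)
    if not m:
        raise ValueError("no 'Server MPM:' line found")
    return m.group(1).lower()


def auth_digest_loaded(httpd_m: str) -> bool:
    """`httpd -M` lists the module as ' auth_digest_module (static|shared)'."""
    return re.search(r"^\s*auth_digest_module\s+\((static|shared)\)",
                     httpd_m, re.MULTILINE) is not None


def assess(httpd_v: str, httpd_m: str) -> Exposure:
    return Exposure(parse_version(httpd_v), parse_mpm(httpd_v), auth_digest_loaded(httpd_m))


# --- constructed sample data (stand-ins for real `httpd -V` / `httpd -M` output) ---

def sample_httpd_v(version: str, mpm: str) -> str:
    """Constructed `httpd -V` output; the build date and architecture are placeholders."""
    return (f"Server version: Apache/{version} (Unix)\n"
            f"Server built:   Feb 10 2019 12:00:00\n"
            f"Architecture:   64-bit\n"
            f"Server MPM:     {mpm}\n")

SAMPLE_M_WITH_DIGEST = """\
Loaded Modules:
 core_module (static)
 so_module (static)
 mpm_event_module (shared)
 auth_digest_module (shared)
 authz_core_module (shared)
"""
SAMPLE_M_NO_DIGEST = SAMPLE_M_WITH_DIGEST.replace(" auth_digest_module (shared)\n", "")


if __name__ == "__main__":
    cases = [
        ("2.4.38 / event / digest",    sample_httpd_v("2.4.38", "event"),   SAMPLE_M_WITH_DIGEST),
        ("2.4.38 / prefork / digest",  sample_httpd_v("2.4.38", "prefork"), SAMPLE_M_WITH_DIGEST),
        ("2.4.39 / event / digest",    sample_httpd_v("2.4.39", "event"),   SAMPLE_M_WITH_DIGEST),
        ("2.4.38 / event / no digest", sample_httpd_v("2.4.38", "event"),   SAMPLE_M_NO_DIGEST),
    ]
    for label, v_out, m_out in cases:
        e = assess(v_out, m_out)
        print(f"{label:28} -> {'VULNERABLE' if e.vulnerable else 'not exposed'}")
```

On a live host, feed it the real output (`httpd -V` and `httpd -M`, or `apache2ctl -V` / `apache2ctl -M` on Debian-derived systems); note that `-M` must be run with the same configuration the service uses, since a DSO mod_auth_digest only shows up when the LoadModule line is active.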
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
https://httpd.apache.org/security/vulnerabilities_24.html