Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2019-17567

UNKNOWN
Published 2021-06-10T07:10:19
Actions:
No CVSS data available

Description

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache HTTP Server

Affected Versions:

2.4.46 2.4.43 2.4.41 2.4.39 2.4.38 2.4.37 2.4.35 2.4.34 2.4.33 2.4.29 2.4.28 2.4.27 2.4.26 2.4.25 2.4.23 2.4.20 2.4.18 2.4.17 2.4.16 2.4.12 2.4.10 2.4.9 2.4.7 2.4.6

References

http://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/06/10/2
https://security.gentoo.org/glsa/202107-38
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://security.netapp.com/advisory/ntap-20210702-0001/
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
Published: 2021-06-10T07:10:19
Last Modified: 2024-08-05T01:40:15.824Z
Copied to clipboard!