Apache 2.4.39 to fix important web server vulnerabilities
The CVE-2019-0211, a privilege escalation vulnerability, affecting Apache versions 2.4.17 to 2.4.38 could allow any under-privileged user to execute arbitrary code on the targeted server with root privileges.
This vulnerability along with three low and two other important severity issues are addressed in the latest Apache httpd 2.4.39 version.
With Vulnerability Manager Plus, you can detect these vulnerabilities and your network servers that are affected by these vulnerabilities. It is advisable to update your Apache servers to 2.4.39. To download the Apache 2.4.39 version, refer this link.
Details on the vulnerabilities patched in Apache 2.4.39:
CVE ID |
Vulnerability |
Severity |
Affected versions |
(CVE-2019-0211)
|
Apache HTTP Server privilege escalation from modules' scripts
|
important
|
2.4.17 to 2.4.38 |
(CVE-2019-0217)
|
mod_auth_digest access control bypass
|
important
|
2.4.38 and prior versions |
(CVE-2019-0215)
|
mod_ssl access control bypass
|
important
|
2.4.37 and 2.4.38 |
(CVE-2019-0197)
|
mod_http2, possible crash on late upgrade
|
low
|
2.4.38, 2.4.37, 2.4.35, 2.4.34 |
(CVE-2019-0196)
|
mod_http2, read-after-free on a string compare
|
low
|
2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18 |
(CVE-2019-0220)
|
Apache httpd URL normalization inconsistincy
|
low
|
2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0 |