FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache -- Multiple vulnerabilities

Affected packages
apache24 < 2.4.39

Details

VuXML ID cf2105c6-551b-11e9-b95c-b499baebfeaf
Discovery 2019-04-01
Entry 2019-04-02

The Apache httpd Project reports:

Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211) (important)

mod_auth_digest access control bypass (CVE-2019-0217) (important)

mod_ssl access control bypass (CVE-2019-0215) (important)

mod_http2, possible crash on late upgrade (CVE-2019-0197) (low)

mod_http2, read-after-free on a string compare (CVE-2019-0196) (low)

Apache httpd URL normalization inconsistincy (CVE-2019-0220) (low)

References

CVE Name CVE-2019-0196
CVE Name CVE-2019-0211
CVE Name CVE-2019-0215
CVE Name CVE-2019-0217
CVE Name CVE-2019-0220
URL https://httpd.apache.org/security/vulnerabilities_24.html
URL https://www.apache.org/dist/httpd/CHANGES_2.4.39