Test Kennung:	1.3.6.1.4.1.25623.1.0.807855
Kategorie:	Web Servers
Titel:	Apache HTTP Server Security Bypass Vulnerability (Jul 2016)
Zusammenfassung:	Apache HTTP Server is prone to a security bypass vulnerability.
Beschreibung:	Summary: Apache HTTP Server is prone to a security bypass vulnerability. Vulnerability Insight: The flaw affects servers that have http/2 enabled and use TLS client certificates for authentication. It is due to have forgotten the return to the original verify_mode when released to the connection of the HTTP/1.1 Vulnerability Impact: Successful exploitation will allow remote attackers to bypass the client authentication at the time of HTTP/2 use. Affected Software/OS: Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled. Solution: Update to version 2.4.23 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4979 BugTraq ID: 91566 http://www.securityfocus.com/bid/91566 http://seclists.org/fulldisclosure/2016/Jul/11 https://security.gentoo.org/glsa/201610-02 http://packetstormsecurity.com/files/137771/Apache-2.4.20-X509-Authentication-Bypass.html https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2016/07/05/5 RedHat Security Advisories: RHSA-2016:1420 https://access.redhat.com/errata/RHSA-2016:1420 http://www.securitytracker.com/id/1036225
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.