ID de Prueba:	1.3.6.1.4.1.25623.1.0.142229
Categoría:	Web Servers
Título:	Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows
Resumen:	When the path component of a request URL contains multiple consecutive slashes; ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while; other aspects of the servers processing will implicitly collapse them.
Descripción:	Summary: When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. Affected Software/OS: Apache HTTP Server version 2.4.38 and prior. Solution: Update to version 2.4.39 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-0220 BugTraq ID: 107670 http://www.securityfocus.com/bid/107670 Bugtraq: 20190403 [SECURITY] [DSA 4422-1] apache2 security update (Google Search) https://seclists.org/bugtraq/2019/Apr/5 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20190625-0007/ https://support.f5.com/csp/article/K44591505 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us Debian Security Information: DSA-4422 (Google Search) https://www.debian.org/security/2019/dsa-4422 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7@%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2019/04/02/6 RedHat Security Advisories: RHSA-2019:2343 https://access.redhat.com/errata/RHSA-2019:2343 RedHat Security Advisories: RHSA-2019:3436 https://access.redhat.com/errata/RHSA-2019:3436 RedHat Security Advisories: RHSA-2019:4126 https://access.redhat.com/errata/RHSA-2019:4126 RedHat Security Advisories: RHSA-2020:0250 https://access.redhat.com/errata/RHSA-2020:0250 RedHat Security Advisories: RHSA-2020:0251 https://access.redhat.com/errata/RHSA-2020:0251 SuSE Security Announcement: openSUSE-SU-2019:1190 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html SuSE Security Announcement: openSUSE-SU-2019:1209 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html SuSE Security Announcement: openSUSE-SU-2019:1258 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html https://usn.ubuntu.com/3937-1/
Copyright	Copyright (C) 2019 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.