CVE-2019-17567

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-17567
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17567.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-17567
Related
Published
2021-06-10T07:15:07Z
Modified
2024-06-10T17:16:08Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events