Published on: 03 April 2019
Last update on: 10 April 2019
The Apache Software Foundation released a security update to address multiple vulnerabilities in the modules of HTTP Server, including mod_auth_digest, mod_ssl and mod_http2.
A report indicates that the exploit code against the vulnerability (CVE-2019-0211) has been released publicly. Users are advised to take immediate action to patch your affected systems and update all affected modules to mitigate the elevated risk of cyber attacks, if not yet. For systems hosted at outsourced platforms, system owners should confirm with the web hosting service providers that the relevant patches have been applied.
Successful exploitation of the vulnerabilities could lead to system crash, access control restrictions bypass, arbitrary code execution and privilege escalation on an affected system.
The Apache Software Foundation has released new version of the product to address the issues and they can be downloaded at the following URL:
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
http://httpd.apache.org/security/vulnerabilities_24.html
https://www.hkcert.org/my_url/en/alert/19040302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217