CVE-2019-0217 vulnerability in Apache and Other Products
Published on April 8, 2019

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-0217

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-0217 are published in these products:

Apache HTTP Server

NetApp Oncommand Unified Manager

Oracle Enterprise Manager Ops Center

Oracle Http Server

Oracle Retail Xstore Point Of Service

Canonical Ubuntu Linux

Debian Linux

Fedora Project Fedora

NetApp Clustered Data Ontap

OpenSuse Leap

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

Affected Versions

Apache HTTP Server Version 2.4.0 to 2.4.38 is affected by CVE-2019-0217

Exploit Probability

EPSS

37.56%

Percentile

97.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-0217 vulnerability in Apache and Other ProductsPublished on April 8, 2019

Products Associated with CVE-2019-0217

Affected Versions

Exploit Probability

CVE-2019-0217 vulnerability in Apache and Other Products
Published on April 8, 2019