HomePentest-Tools.com Logo

Apache HTTP Server 2.4.6 - 2.4.46 Tunneling Misconfiguration Vulnerability - Windows CVE-2019-17567

Severity
CVSSv3 Score
5.3
Vulnerability description

Apache HTTP Server is prone to a tunneling misconfiguration vulnerability.

Risk description

mod_proxy_wstunnel configured on an URL that is not necessarily upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

Recommendation

Update to version 2.4.48 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 10, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available