UBUNTU-CVE-2019-17567

Source
https://ubuntu.com/security/CVE-2019-17567
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-17567.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-17567
Related
Published
2021-06-10T07:15:00Z
Modified
2024-10-15T14:07:03Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

References

Affected packages

Ubuntu:Pro:14.04:LTS / apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
2.4.18-2ubuntu3.17+esm6
2.4.18-2ubuntu3.17+esm7
2.4.18-2ubuntu3.17+esm8
2.4.18-2ubuntu3.17+esm9
2.4.18-2ubuntu3.17+esm10
2.4.18-2ubuntu3.17+esm11
2.4.18-2ubuntu3.17+esm12
2.4.18-2ubuntu3.17+esm13

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
2.4.29-1ubuntu4.24
2.4.29-1ubuntu4.25
2.4.29-1ubuntu4.26
2.4.29-1ubuntu4.27
2.4.29-1ubuntu4.27+esm1
2.4.29-1ubuntu4.27+esm2
2.4.29-1ubuntu4.27+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
2.4.41-4ubuntu3.12
2.4.41-4ubuntu3.13
2.4.41-4ubuntu3.14
2.4.41-4ubuntu3.15
2.4.41-4ubuntu3.16
2.4.41-4ubuntu3.17
2.4.41-4ubuntu3.19
2.4.41-4ubuntu3.20
2.4.41-4ubuntu3.21

Ecosystem specific

{
    "ubuntu_priority": "medium"
}