What is the severity of RHSA-2019:3436?

The severity of RHSA-2019:3436 is classified as important due to the potential for access control bypass and URL normalization inconsistencies.

How do I fix RHSA-2019:3436?

To fix RHSA-2019:3436, you should update to the specified patched version of the httpd packages, which is 2.4.37-16.module+el8.1.0+4134+e6bad0ed.

What are the specific vulnerabilities addressed in RHSA-2019:3436?

RHSA-2019:3436 addresses CVE-2019-0217, which is an access control bypass due to a race condition, and CVE-2019-0220, which involves URL normalization inconsistency.

Which packages are affected by RHSA-2019:3436?

Affected packages in RHSA-2019:3436 include httpd, httpd-filesystem, httpd-manual, httpd-devel, httpd-tools, and their respective debuginfo and debugsource versions.

Is there a specific version I need to upgrade to for RHSA-2019:3436?

Yes, you need to upgrade to version 2.4.37-16.module+el8.1.0+4134+e6bad0ed to mitigate the vulnerabilities mentioned in RHSA-2019:3436.

Vulnerability/
RHSA-2019:3436

CWE

362

5/11/2019

RHSA-2019:3436: Moderate: httpd:2.4 security and bug fix update

First published: Tue Nov 05 2019(Updated: )

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.<br>Security Fix(es):<br><li> httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)</li> <li> httpd: URL normalization inconsistency (CVE-2019-0220)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:3436?
The severity of RHSA-2019:3436 is classified as important due to the potential for access control bypass and URL normalization inconsistencies.
How do I fix RHSA-2019:3436?
To fix RHSA-2019:3436, you should update to the specified patched version of the httpd packages, which is 2.4.37-16.module+el8.1.0+4134+e6bad0ed.
What are the specific vulnerabilities addressed in RHSA-2019:3436?
RHSA-2019:3436 addresses CVE-2019-0217, which is an access control bypass due to a race condition, and CVE-2019-0220, which involves URL normalization inconsistency.
Which packages are affected by RHSA-2019:3436?
Affected packages in RHSA-2019:3436 include httpd, httpd-filesystem, httpd-manual, httpd-devel, httpd-tools, and their respective debuginfo and debugsource versions.
Is there a specific version I need to upgrade to for RHSA-2019:3436?
Yes, you need to upgrade to version 2.4.37-16.module+el8.1.0+4134+e6bad0ed to mitigate the vulnerabilities mentioned in RHSA-2019:3436.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2019:3436
agent/software-canonical-lookup
agent/event
agent/title
agent/weakness
agent/remedy
agent/references
agent/description
agent/trending
agent/tags
agent/source
package-manager/redhat