CVE-2019-0215

High

7.5/10

Summary

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Apr 08, 2019

CVE-2019-0215

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS