EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)
Medium Nessus Plugin ID 129439
SynopsisThe remote EulerOS host is missing a security update.
DescriptionAccording to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected httpd package.