Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass

Medium Nessus Plugin ID 92320

Synopsis
The remote web server is affected by an authentication bypass vulnerability.

Description
According to its banner, the version of Apache running on the remote host is either 2.4.18 or 2.4.20. Additionally, HTTP/2 is enabled over TLS or SSL. It is, therefore, affected by an authentication bypass vulnerability in the experimental module for the HTTP/2 protocol due to a failure to correctly validate X.509 certificates, allowing access to resources that otherwise would not be allowed. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.

Solution
Upgrade to Apache version 2.4.23 or later. Alternatively, as a temporary workaround, HTTP/2 can be disabled by removing 'h2' and 'h2c' from the Protocols line(s) in the configuration file.
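The following POSIX shell script is an added example, not part of the Nessus plugin or of the Apache project, showing how to audit an Apache configuration for the workaround above and how to apply it. It operates on a constructed configuration fragment embedded in the script; on a real host the same functions would be run over the contents of httpd.conf and any included files under ServerRoot (an assumption about the layout), followed by `apachectl configtest` and a graceful restart so the change takes effect.

```shell
#!/bin/sh
# Added example: find active "Protocols" directives that still advertise h2 or h2c
# (the HTTP/2 settings the advisory's workaround removes) and rewrite them.
# The configuration below is constructed for this example; a real deployment
# would read httpd.conf / sites-enabled files instead.
SAMPLE_CONF='Listen 443
Protocols h2 h2c http/1.1
# Protocols h2           (commented out: not active, must not be flagged)
<VirtualHost *:443>
    Protocols h2 http/1.1
    SSLEngine on
</VirtualHost>'

# Print the active Protocols lines that still enable HTTP/2 (h2 over TLS or
# h2c cleartext). Exit status 0 when at least one is found, 1 otherwise.
# Directive names are case-insensitive in Apache, hence grep -i.
find_h2_protocols() {
    printf '%s\n' "$1" \
        | grep -Ei '^[[:space:]]*Protocols[[:space:]]' \
        | grep -Eiw 'h2c?'
}

# Number of such lines; 0 is the state the workaround aims for.
count_h2_protocols() {
    find_h2_protocols "$1" | grep -c .
}

# Apply the workaround: drop the h2 and h2c tokens from every Protocols line,
# keep the indentation and the remaining protocols, and fall back to http/1.1
# when nothing is left (a bare "Protocols" directive would be a syntax error).
strip_h2_protocols() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "protocols" {
            match($0, /^[ \t]*/)
            out = substr($0, 1, RLENGTH) $1
            kept = 0
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != "h2" && tolower($i) != "h2c") {
                    out = out " " $i
                    kept++
                }
            }
            if (kept == 0) out = out " http/1.1"
            print out
            next
        }
        { print }'
}

# Stand-alone run: report the findings, then show the corrected fragment.
echo "Active Protocols lines enabling HTTP/2:"
find_h2_protocols "$SAMPLE_CONF" || echo "(none)"
echo
echo "After applying the workaround:"
strip_h2_protocols "$SAMPLE_CONF"
```

Commented-out directives are deliberately ignored, since only active Protocols lines change what the server negotiates; re-run the audit after the rewrite to confirm the count is zero before restarting the service.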

Plugin Details

Severity: Medium

ID: 92320

File Name: apache_2_4_23.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Web Servers

Published: 2016/07/15

Modified: 2018/01/23

Dependencies: 84821, 48204

Risk Information

Risk Factor: Medium

CVSS v2.0
Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSS v3.0
Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/07/05

Vulnerability Publication Date: 2016/07/05

Reference Information

CVE: CVE-2016-4979

BID: 91566

OSVDB: 140986