Apache Releases Security Update for Apache HTTP Server – 4th April 2019

Alert: The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities.

  • mod_auth_digest access control bypass (CVE-2019-0217)
  • mod_ssl access control bypass (CVE-2019-0215)
  • mod_http2, possible crash on late upgrade (CVE-2019-0197)

CVE-2019-0211 bring to my attention. For the synopsis of this matter, please refer to attached diagram.

Remedy: The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. See the URL for more information.

https://httpd.apache.org/security/vulnerabilities_24.html