A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
opensuse leap 15.0 |
||
opensuse leap 42.3 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |