CVE-2016-4979Improper Access Control in Apache Http Server

CWE-284Improper Access ControlCWE-287Improper Authentication9 documents8 sources
Severity
7.5HIGHNVD
EPSS
17.4%
top 4.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedJul 6
Latest updateMay 13

Description

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDapache/http_server2.4.18, 2.4.19, 2.4.20+2

Patches

Patch: httpd.apache.orgPatch: httpd.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-r48c-7gpg-9q4x: The Apache HTTP Server 22022-05-13
OSV
CVE-2016-4979: The Apache HTTP Server 22016-07-06
CVEList
CVE-2016-4979: The Apache HTTP Server 22016-07-06

📋Vendor Advisories

3
Red Hat
httpd: X509 client certificate authentication bypass using HTTP/22016-07-05
Debian
CVE-2016-4979: apache2 - The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are ena...2016
Apache
Apache httpd: CVE-2016-4979

💬Community

2
Bugzilla
CVE-2016-4979 httpd: X509 Client certificate based authentication can be bypassed when HTTP/2 is used [fedora-all]2016-07-06
Bugzilla
CVE-2016-4979 httpd: X509 client certificate authentication bypass using HTTP/22016-07-04
CVE-2016-4979 — Improper Access Control in Apache | cvebase