According to its banner, the version of Apache running on the remote host is either 2.4.18 or 2.4.20. Additionally, HTTP/2 is enabled over TLS or SSL. It is, therefore, affected by the an authentication bypass vulnerability in the experimental module for the HTTP/2 protocol due to a failure to correctly validate X.509 certificates, allowing access to resources that otherwise would not be allowed. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.

The remote host is affected by the vulnerability described in GLSA-201610-02 (Apache: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Apache HTTP Server.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Remote attackers could bypass intended access restrictions, conduct HTTP       request smuggling attacks, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Security fix for CVE-2016-4979

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Apache Software Foundation reports :

The Apache HTTPD web server (from 2.4.18-2.4.20) did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource.

The net result is that a resource that should require a valid client certificate in order to get access can be accessed without that credential.

The version of Apache HTTP Server 2.4 installed on the remote host is prior to 2.4.23. It is, therefore, affected by the following vulnerabilities : 

 - A flaw exists within the 'read_request_line()' function located in 'server/protocol.c'. The issue is triggered when handling invalid 'CONNECT' requests with a custom status 'code 400 error' page using server side includes. With a specially crafted request, a remote attacker can cause a crash.
 - A flaw can be triggered when a stream's flow control windows are manipulated. This may allow an authenticated remote attacker to block server threads for an extended period of time, allowing them to exhaust worker threads and prevent the processing of streams. (CVE-2016-1546) - A flaw is triggered when an experimental module for the 'HTTP/2' protocol is used to access a resource. This may result in X.509 certificates not being properly validated, allowing an unauthorized user to disclose potentially sensitive information in resources that should require valid certificates. (CVE-2016-4979)

ID	Name	Product	Family	Published	Updated	Severity
98909	Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass	Web App Scanning	Component Vulnerability	1/9/2019	3/14/2023	high
92320	Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass	Nessus	Web Servers	7/15/2016	4/11/2022	high
93903	GLSA-201610-02 : Apache: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	10/7/2016	1/11/2021	high
92289	Fedora 24 : httpd (2016-c7288a5b36)	Nessus	Fedora Local Security Checks	7/15/2016	1/11/2021	high
91949	FreeBSD : apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used (e9d1e040-42c9-11e6-9608-20cf30e32f6d)	Nessus	FreeBSD Local Security Checks	7/6/2016	1/4/2021	high
92334	Fedora 23 : httpd (2016-e256a03791)	Nessus	Fedora Local Security Checks	7/18/2016	1/11/2021	high
9394	Apache HTTP Server 2.4.x < 2.4.23 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	7/15/2016	3/6/2019	medium

Detections

Analytics

Plugins Search

high

high

high

high

high

high

medium