Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass

high Web App Scanning Plugin ID 98909

Synopsis

Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass

Description

According to its banner, the version of Apache running on the remote host is either 2.4.18 or 2.4.20, and HTTP/2 is enabled over TLS/SSL. Such a server is affected by an authentication bypass vulnerability in mod_http2, the then-experimental HTTP/2 module, caused by a failure to correctly enforce X.509 client certificate requirements on HTTP/2 connections: a resource protected by client certificate authentication (SSLVerifyClient) could be reached without the required certificate, allowing access to resources that otherwise would not be allowed. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. Because the check is banner-based, confirm the installed package version on distributions that backport fixes without changing the version string.
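The two conditions the plugin combines (a vulnerable banner and h2 negotiated over TLS) can be reproduced with a small script. The following is an added example, not Tenable's plugin code: it parses the Server banner, optionally performs a live ALPN probe, and audits an httpd configuration for the pattern that makes the bypass reachable (SSLVerifyClient require inside a per-directory container while Protocols lists h2). The sample configuration is constructed for the example, and the helper names are ours.

```python
import re
import socket
import ssl

# Versions the advisory names as affected (2.4.19 was never released).
AFFECTED_VERSIONS = {(2, 4, 18), (2, 4, 20)}
FIXED_VERSION = (2, 4, 23)

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")
# Per-directory containers in which SSLVerifyClient is the risky setting.
CONTAINER = r"(Location|LocationMatch|Directory|DirectoryMatch|Files|FilesMatch)"
CONTAINER_OPEN = re.compile(r"^<" + CONTAINER + r"\b", re.I)
CONTAINER_CLOSE = re.compile(r"^</" + CONTAINER + r">", re.I)


def parse_apache_version(server_header):
    """Return (major, minor, patch) from a Server header, or None when the
    banner hides the version (e.g. ServerTokens Prod yields just 'Apache')."""
    m = BANNER_RE.search(server_header or "")
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def negotiated_h2(host, port=443, timeout=5.0):
    """Live probe: offer only 'h2' via ALPN and report whether the server
    selected it. Needs network access; not exercised by the offline checks."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # trust is irrelevant; only ALPN matters
    ctx.set_alpn_protocols(["h2"])
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.selected_alpn_protocol() == "h2"


def is_affected(server_header, h2_over_tls):
    """Mirror the plugin's logic: affected banner AND h2 negotiated over TLS."""
    ver = parse_apache_version(server_header)
    if ver is None:
        return False  # inconclusive banner is not reported as a hit
    return ver in AFFECTED_VERSIONS and h2_over_tls


def is_fixed(server_header):
    """True when the banner reports the fixed release or later."""
    ver = parse_apache_version(server_header)
    return ver is not None and ver >= FIXED_VERSION


def audit_config(config_text):
    """Scan an httpd configuration for the exploitable pattern.

    Returns (h2_enabled, cert_required_lines): whether any Protocols line
    lists h2, and every 'SSLVerifyClient require' found inside a
    per-directory container (where the HTTP/2 bypass applies)."""
    h2_enabled = False
    cert_required = []
    depth = 0
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if CONTAINER_OPEN.match(line):
            depth += 1
            continue
        if CONTAINER_CLOSE.match(line):
            depth -= 1
            continue
        tokens = line.split()
        directive = tokens[0].lower()
        if directive == "protocols" and "h2" in (t.lower() for t in tokens[1:]):
            h2_enabled = True
        if (depth > 0 and directive == "sslverifyclient"
                and len(tokens) > 1 and tokens[1].lower() == "require"):
            cert_required.append(line)
    return h2_enabled, cert_required


# Constructed sample: h2 enabled globally, client certs required only for /admin.
SAMPLE_CONF = """
Protocols h2 http/1.1
<VirtualHost *:443>
    SSLEngine on
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require   # enforced via renegotiation on HTTP/1.1 only
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    banner = "Apache/2.4.18 (Ubuntu)"  # constructed banner
    h2, lines = audit_config(SAMPLE_CONF)
    print("affected:", is_affected(banner, h2), "cert-protected:", lines)
```

The config audit is the useful addition for a defender: a server that negotiates h2 but has no per-directory SSLVerifyClient requirement is not exposed to this particular bypass, whereas the combination above is exactly the case the advisory describes.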

Solution

Upgrade to Apache version 2.4.23 or later. Alternatively, as a temporary workaround, disable HTTP/2 by removing 'h2' (and 'h2c') from the Protocols line(s) in the configuration file and restarting httpd; the Protocols directive defaults to http/1.1, so the server keeps serving HTTP/1.1 over TLS.
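The workaround in configuration form, as an added illustration rather than text from the advisory. The affected layout is shown first, followed by the same virtual host with h2 removed from Protocols so that requests to the certificate-protected location fall back to HTTP/1.1, where the SSLVerifyClient check is enforced. Paths and host names are placeholders.

```apacheconf
# --- Affected layout on httpd 2.4.18 / 2.4.20 ---------------------------
# HTTP/2 negotiated via ALPN for every TLS client.
Protocols h2 http/1.1

<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
    SSLVerifyClient none

    # Per-location client-certificate requirement: over HTTP/2 this was
    # not enforced on the affected releases.
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLCACertificateFile /etc/ssl/certs/client-ca.crt
    </Location>
</VirtualHost>

# --- Temporary workaround until 2.4.23 is installed ---------------------
# Drop h2 (and h2c, if present) so the directive only lists HTTP/1.1;
# omitting the directive entirely has the same effect, as http/1.1 is the default.
Protocols http/1.1
```

After changing the directive, reload httpd and confirm with an ALPN-capable client (for example `openssl s_client -alpn h2`) that the server no longer selects h2; then remove the workaround once the upgraded build is in place if HTTP/2 is wanted.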

See Also

http://seclists.org/fulldisclosure/2016/Jul/11

https://archive.apache.org/dist/httpd/CHANGES_2.4.23

https://httpd.apache.org/security/vulnerabilities_24.html#2.4.23

Plugin Details

Severity: High

ID: 98909

Type: remote

Published: 1/9/2019

Updated: 3/14/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2016-4979

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS Score Source: CVE-2016-4979

Vulnerability Information

CPE: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/6/2016

Vulnerability Publication Date: 7/6/2016

Reference Information

CVE: CVE-2016-4979

BID: 91566