CVE-2019-0220

Summary

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.4.0 to 2.4.38affected

Weaknesses

  • URL normalization inconsistencies

ADP Enrichment

CVE Program Container

Additional References

References