PublicDateAtUSN: 2019-04-02
Candidate: CVE-2019-0220
PublicDate: 2019-06-11 21:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
 https://ubuntu.com/security/notices/USN-3937-1
Description:
 A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the
 path component of a request URL contains multiple consecutive slashes
 ('/'), directives such as LocationMatch and RewriteRule must account for
 duplicates in regular expressions while other aspects of the servers
 processing will implicitly collapse them.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by: Bernhard Lorenz
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_apache2:
 upstream: https://github.com/apache/httpd/commit/9bc1917a27a2323e535aadb081e38172ae0e3fc2
 upstream: https://github.com/apache/httpd/commit/c4ef468b25718a26f2b92cbea3ca093729b79331
 upstream: https://github.com/apache/httpd/commit/a428b2ce4a2a1250e0eab66edc283f58ea643602
 upstream: https://github.com/apache/httpd/commit/3451fc2bf8708b0dc8cd6a7d0ac0fe5b6401befc
upstream_apache2: needs-triage
precise/esm_apache2: ignored (end of ESM support, was needed)
trusty_apache2: released (2.4.7-1ubuntu4.22)
trusty/esm_apache2: released (2.4.7-1ubuntu4.22)
xenial_apache2: released (2.4.18-2ubuntu3.10)
esm-infra/xenial_apache2: released (2.4.18-2ubuntu3.10)
bionic_apache2: released (2.4.29-1ubuntu4.6)
cosmic_apache2: released (2.4.34-1ubuntu2.1)
disco_apache2: released (2.4.38-2ubuntu2)
eoan_apache2: released (2.4.38-2ubuntu2)
focal_apache2: released (2.4.38-2ubuntu2)
groovy_apache2: released (2.4.38-2ubuntu2)
hirsute_apache2: released (2.4.38-2ubuntu2)
devel_apache2: released (2.4.38-2ubuntu2)