CVE-2019-0215

Priority
Description
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when
using per-location client certificate verification with TLSv1.3 allowed a
client to bypass configured access control restrictions.
Assigned-to
mdeslaur
Notes
mdeslaur: 2.4.37 and 2.4.38 only
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
Patches:
Upstream: https://github.com/apache/httpd/commit/84edf5f49db23ced03259812bbf9426685f7d82a
More Information

Updated: 2020-01-29 20:04:13 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)