CVE-2019-0220

MEDIUM Year: 2019
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-706
View all →

Vulnerability Description

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

Related Vulnerabilities

CVE-2020-35566

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File...

CWE-7062020

CVE-2021-37212

MEDIUM
CVSS:5.4(Medium)

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific ...

CWE-7062021

CVE-2025-29914

MEDIUM
CVSS:5.4(Medium)

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME...

CWE-7062025

CVE-2019-0816

MEDIUM
CVSS:5.1(Medium)

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerabili...

CWE-7062019

CVE-2021-47276

MEDIUM
CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used fo...

CWE-7062021

CVE-2020-4719

MEDIUM
CVSS:4.9(Medium)

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user wi...

CWE-7062020