Apache – CVE-2019-0190


Kayran has detected that the version of Apache being used has a bug that exists in the way mod_ssl handled client re-negotiations.

Remote attackers can abuse it to send carefully crafted requests that would cause mod_ssl to enter a “loop” leading to service being denied (DoS). Also known as CVE-2019-0190.


CVSS Version 3.x – 7.5 High


This bug can be only triggered with Apache HTTP Server in version 2.4.37 when using OpenSSL version 1.1.1 or later.
That happens due to an interaction in changes to handling of renegotiation attempts.

To deal with CVE-2019-0190, update your Apache to version 2.4.38 or higher.



< Return to all Vulnerabilities