Apache – CVE-2019-0190

Home » Blog » Apache – CVE-2019-0190

Description

Kayran has detected that the version of Apache being used has a bug that exists in the way mod_ssl handled client re-negotiations.

Remote attackers can abuse it to send carefully crafted requests that would cause mod_ssl to enter a “loop” leading to service being denied (DoS). Also known as CVE-2019-0190.

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

This bug can be only triggered with Apache HTTP Server in version 2.4.37 when using OpenSSL version 1.1.1 or later.
That happens due to an interaction in changes to handling of renegotiation attempts.

To deal with CVE-2019-0190, update your Apache to version 2.4.38 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190

< Return to all Vulnerabilities

Apache – CVE-2019-0190

Description

Severity/Score

Recommendation

References

Terms and Topics in Cybersecurity that you should know

Cyberbullying – We Need to Talk About it

Continuous Scanning and Monitoring – the Why’s

SPA vs. MPA – the tale of Single and Multi-Page Applications

The best or the worst? – Pros and Cons in WordPress…

Links

registered user?

Apache – CVE-2019-0190

Description

Severity/Score

Recommendation

References

Networking? – Social Engineering

Terms and Topics in Cybersecurity that you should know

Cyberbullying – We Need to Talk About it

Continuous Scanning and Monitoring – the Why’s

SPA vs. MPA – the tale of Single and Multi-Page Applications

The best or the worst? – Pros and Cons in WordPress…

Links

registered user?