Apache – CVE-2019-0190

Description

Kayran has detected that the Apache version in use contains a bug in the way mod_ssl handles client renegotiations.

Remote attackers can send carefully crafted requests that cause mod_ssl to enter a loop, resulting in denial of service (DoS). This issue is tracked as CVE-2019-0190.

Recommendation

This bug can only be triggered on Apache HTTP Server version 2.4.37 when it is used with OpenSSL version 1.1.1 or later.
It is caused by an interaction in changes to the handling of renegotiation attempts.

To remediate CVE-2019-0190, update Apache to version 2.4.38 or higher.
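The two conditions above can be checked mechanically against a server banner. The following is an added example, not code from Kayran or the Apache project; the function names `ver_ge` and `classify_banner` are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify a server banner against the CVE-2019-0190 conditions
# stated above (httpd 2.4.37 combined with OpenSSL 1.1.1 or later).
# Assumption: the banner has the "Apache/<ver> ... OpenSSL/<ver>" form that
# httpd shows in its Server header (ServerTokens Full) or startup log line.

# ver_ge A B: true if dotted version A >= B; letter suffixes ("1.1.1a") ignored.
ver_ge() {
    va=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//')
    vb=$(printf '%s\n' "$2" | sed 's/[^0-9.].*//')
    old_ifs=$IFS; IFS=.
    set -- $va; a=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
    set -- $vb; b=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
    IFS=$old_ifs
    [ "$a" -ge "$b" ]
}

# classify_banner BANNER: prints AFFECTED, NOT_AFFECTED or UNKNOWN.
classify_banner() {
    httpd=$(printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p')
    ossl=$(printf '%s\n' "$1" | sed -n 's|.*OpenSSL/\([0-9][0-9.]*[a-z]*\).*|\1|p')
    # No httpd version disclosed: nothing can be concluded from the banner.
    if [ -z "$httpd" ]; then echo UNKNOWN; return 0; fi
    # Only 2.4.37 is named as triggerable; 2.4.38 and higher carry the fix.
    if [ "$httpd" != "2.4.37" ]; then echo NOT_AFFECTED; return 0; fi
    # 2.4.37, but the TLS library version is not disclosed.
    if [ -z "$ossl" ]; then echo UNKNOWN; return 0; fi
    if ver_ge "$ossl" 1.1.1; then echo AFFECTED; else echo NOT_AFFECTED; fi
}

# Constructed sample banners (not taken from any real host).
for b in 'Apache/2.4.37 (Unix) OpenSSL/1.1.1a' \
         'Apache/2.4.37 (Unix) OpenSSL/1.0.2q' \
         'Apache/2.4.38 (Unix) OpenSSL/1.1.1a' \
         'Apache'; do
    printf '%-40s %s\n' "$b" "$(classify_banner "$b")"
done
```

`UNKNOWN` means the banner does not disclose a version needed for the decision, so confirm the installed httpd and linked OpenSSL versions on the host itself. A version string alone also cannot show whether a distribution package carries a backported fix.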

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
