Apache – CVE-2019-0196

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to a read-after-free on a string compare in ‘mod_http2’.

CVE-2019-0196 is categorized as a ‘Use After Free’ vulnerability (CWE-416).
A Use After Free occurs when we Reference memory after it has been freed. That can cause a program to crash, use unexpected values, or to execute codes.

By using a fuzzed network input, the http/2 request handling could be made to access freed memory in strings comparison when determining the method of a request.
That will lead to processing the request incorrectly.

It could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2019-0196, upgrade the version of Apache HTTP Server being used to 2.4.39.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

https://cwe.mitre.org/data/definitions/416.html

< Return to all Vulnerabilities

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »