Apache – CVE-2019-0196

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to a read-after-free on a string compare in ‘mod_http2’.

CVE-2019-0196 is categorized as a ‘Use After Free’ vulnerability (CWE-416).
A Use After Free occurs when a program references memory after it has been freed. This can cause the program to crash, use unexpected values, or execute code.

Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in a string comparison when determining the method of a request.
That will lead to the request being processed incorrectly.

It could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2019-0196, upgrade the version of Apache HTTP Server being used to 2.4.39.
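
One way to check a host against this recommendation, as an added example (not Kayran's or the Apache project's code): it reads the text printed by `httpd -v` and `httpd -M` and reports whether the version is below 2.4.39 with mod_http2 loaded. The function names and sample output are made up for illustration, and treating a server without mod_http2 as not exposed is an assumption based on the description above.

```shell
#!/bin/sh
# Added example: does this httpd need the CVE-2019-0196 fix?
# Works on the text printed by `httpd -v` and `httpd -M`.

FIXED_VERSION="2.4.39"   # fixed release named in the Recommendation

# Pull "X.Y.Z" out of a line like "Server version: Apache/2.4.38 (Unix)".
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed when X.Y.Z version $1 is strictly lower than X.Y.Z version $2.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # six numeric fields: $1-$3 and $4-$6
    IFS=$old_ifs
    if [ "$1" -lt "$4" ]; then return 0; fi
    if [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; fi
    if [ "$2" -gt "$5" ]; then return 1; fi
    [ "$3" -lt "$6" ]
}

# Succeed when the module list shows mod_http2 itself (not proxy_http2_module).
http2_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*http2_module[[:space:]]'
}

# Print UNKNOWN, PATCHED, NOT_EXPOSED or VULNERABLE.
# Assumption of this example: without mod_http2 loaded the flawed code is not in use.
check_cve_2019_0196() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then echo UNKNOWN; return 0; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo PATCHED; return 0; fi
    if http2_loaded "$2"; then echo VULNERABLE; else echo NOT_EXPOSED; fi
}

# Constructed sample output, not captured from a real host.
SAMPLE_V='Server version: Apache/2.4.38 (Unix)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 http2_module (shared)'
check_cve_2019_0196 "$SAMPLE_V" "$SAMPLE_M"
# On a host: check_cve_2019_0196 "$(httpd -v)" "$(httpd -M 2>&1)"
```

On distributions that name the binary differently (for example `apache2ctl`), substitute that command for `httpd`. A NOT_EXPOSED result still leaves an outdated server, so the upgrade remains the fix.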

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

https://cwe.mitre.org/data/definitions/416.html
