Apache – CVE-2019-0197

Description

Kayran has detected that the Apache HTTP Server version being used might be vulnerable to Inconsistent Interpretation of HTTP Requests.
Also known as CVE-2019-0197.

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfigurations and eventually crash.

Severity/Score

CVSS Version 3.x – 4.2 Medium

Recommendation

To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.

Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197

https://cwe.mitre.org/data/definitions/444.html

< Return to all Vulnerabilities

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »