Apache – CVE-2019-0197

Description

Kayran has detected that the Apache HTTP Server version being used might be vulnerable to Inconsistent Interpretation of HTTP Requests, also known as CVE-2019-0197.

When HTTP/2 was enabled for an http: host, or H2Upgrade was enabled for h2 on an https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and eventually a crash.

Severity/Score

CVSS Version 3.x – 4.2 Medium

Recommendation

To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.

Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.
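The two conditions above can be checked against a configuration file. The following is an added example, not Kayran's or the Apache project's code: `parse_scopes` and `audit` are hypothetical names, the sample configuration is constructed, `SSLEngine on` is assumed to mark an https: host, and `Include` files and other containers are not resolved.

```python
import re
TRACKED = {"protocols", "h2upgrade", "sslengine", "servername"}
# Constructed sample: three hypothetical vhosts, not taken from the advisory.
SAMPLE_CONF = """
<VirtualHost *:80>
  ServerName plain.example
  Protocols h2c http/1.1
</VirtualHost>
<VirtualHost *:443>
  ServerName tls-upgrade.example
  SSLEngine on
  Protocols h2 http/1.1
  H2Upgrade on
</VirtualHost>
<VirtualHost *:443>
  ServerName tls-safe.example
  SSLEngine on
  Protocols h2 http/1.1
</VirtualHost>
"""

def parse_scopes(conf_text):  # global scope first, then one dict per vhost
    scopes = [{"_addr": "global"}]
    current = scopes[0]
    for line in map(str.strip, conf_text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"_addr": opened.group(1).strip()}
            scopes.append(current)
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = scopes[0]
        elif line and not line.startswith("#"):
            name, *args = line.lower().split()
            if name in TRACKED and args:
                current[name] = args
    return scopes

def audit(conf_text):  # host label -> advisory condition it matches
    scopes, findings = parse_scopes(conf_text), {}
    for scope in scopes:
        eff = {**scopes[0], **scope}  # vhost directives override global ones
        label = eff.get("servername", [eff["_addr"]])[0]
        protos = set(eff.get("protocols", ["http/1.1"]))
        tls = eff.get("sslengine", ["off"])[0] == "on"
        if not tls and protos & {"h2", "h2c"}:  # conservative: either token counts
            findings[label] = "HTTP/2 enabled on an http: host"
        elif tls and "h2" in protos and eff.get("h2upgrade", ["off"])[0] == "on":
            findings[label] = "H2Upgrade on for h2 on an https: host"
    return findings
```

A host reported here still needs its running Apache version checked; the audit only tells you whether the configuration falls inside the conditions the advisory describes.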

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197

https://cwe.mitre.org/data/definitions/444.html
