Apache – CVE-2019-0197

Description

Kayran has detected that the Apache HTTP Server version being used might be vulnerable to Inconsistent Interpretation of HTTP Requests, also known as CVE-2019-0197.

When HTTP/2 was enabled for an http: host, or H2Upgrade was enabled for h2 on an https: host, an Upgrade request from HTTP/1.1 to HTTP/2 that was not the first request on a connection could lead to a misconfiguration and eventually a crash.

Recommendation

To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.

Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.
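
A configuration check for the two affected setups described above, as an added example that is not part of the original advisory or of Apache's own tooling. It assumes `h2c` is the `Protocols` token for cleartext HTTP/2, that a host counts as https: only when `SSLEngine on` applies to it, and that any included files are already merged into one text; the function name and the sample configuration are constructed.

```python
import re

TRACKED = {"protocols", "h2upgrade", "sslengine", "servername"}

def audit_h2_upgrade(conf_text):
    """Return (host, reason) pairs for the two affected setups in the advisory."""
    main = current = {}
    scopes = [("main server", main)]  # (label, tracked directives set there)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {}
            scopes.append((opened.group(1).strip(), current))
        elif re.match(r"</VirtualHost>", line, re.I):
            current = main
        else:
            name, *args = line.split()
            if name.lower() in TRACKED and args:
                current[name.lower()] = [a.lower() for a in args]
    findings = []
    for label, own in scopes:
        eff = {**main, **own}  # a vhost's own directives override inherited ones
        host = own.get("servername", [label])[0]
        tls = eff.get("sslengine") == ["on"]  # assumption: https: means SSLEngine on
        protocols = eff.get("protocols", ["http/1.1"])
        if not tls and "h2c" in protocols:  # h2c is the cleartext HTTP/2 token
            findings.append((host, "HTTP/2 (h2c) enabled on an http: host"))
        elif tls and "h2" in protocols and eff.get("h2upgrade") == ["on"]:
            findings.append((host, "H2Upgrade on for h2 on an https: host"))
    return findings

# Constructed sample configuration; hostnames are placeholders.
SAMPLE = """\
Protocols h2 http/1.1
<VirtualHost *:80>
    ServerName plain.example.test
    Protocols h2c http/1.1
</VirtualHost>
<VirtualHost *:443>
    ServerName tls-upgrade.example.test
    SSLEngine on
    H2Upgrade on
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit_h2_upgrade(SAMPLE))
```

A finding only means the configuration matches one of the affected setups; whether the server is actually exposed still depends on the installed version.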

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197

https://cwe.mitre.org/data/definitions/444.html
