Description
Kayran has detected that the Apache HTTP Server version being used might be vulnerable to Inconsistent Interpretation of HTTP Requests.
Also known as CVE-2019-0197.
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfigurations and eventually crash.
Severity/Score
CVSS Version 3.x – 4.2 Medium
Recommendation
To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.
Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197
