Apache – CVE-2019-0197

Description

Kayran has detected that the Apache HTTP Server version in use might be vulnerable to Inconsistent Interpretation of HTTP Requests.
This issue is tracked as CVE-2019-0197.

When HTTP/2 was enabled for an http: host, or H2Upgrade was enabled for h2 on an https: host, an Upgrade request from HTTP/1.1 to HTTP/2 that was not the first request on a connection could lead to a misconfiguration and eventually a crash.

Severity/Score

CVSS Version 3.x – 4.2 Medium

Recommendation

To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.

Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.
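The exposure conditions above can be checked against a configuration file. The following is an added example, not Kayran's or the Apache project's code: it assumes mod_http2's protocol names (`h2c` for HTTP/2 on an http: host, `h2` over TLS), treats `SSLEngine on` as the marker of an https: host, and does not follow `Include` directives. `SAMPLE_CONF` and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
Protocols h2 http/1.1
<VirtualHost *:80>
    ServerName plain.example.test
    Protocols h2c http/1.1
</VirtualHost>
<VirtualHost *:443>
    ServerName upgrade.example.test
    SSLEngine on
    H2Upgrade on
</VirtualHost>
<VirtualHost *:443>
    ServerName safe.example.test
    SSLEngine on
</VirtualHost>
"""

# Assumption: mod_http2 naming, h2c = HTTP/2 on http:, h2 = HTTP/2 over TLS.
DEFAULTS = {"protocols": "http/1.1", "h2upgrade": "", "sslengine": "off"}
TRACKED = set(DEFAULTS) | {"servername"}

def audit(conf_text):
    """Return (scope, reason) pairs for scopes matching the affected conditions."""
    server = {"scope": "main server"}
    scopes, current = [server], server
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if re.match(r"<VirtualHost\b", parts[0], re.I):
            current = {"scope": raw.strip()}
            scopes.append(current)
        elif parts[0].lower() == "</virtualhost>":
            current = server
        elif parts[0].lower() in TRACKED and len(parts) == 2:
            current[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    for scope in scopes:
        cfg = {**DEFAULTS, **server, **scope}  # vhost settings override server-level ones
        name = scope.get("servername", scope["scope"])
        protocols = cfg["protocols"].split()
        if cfg["sslengine"] != "on" and "h2c" in protocols:
            findings.append((name, "HTTP/2 enabled on an http: host"))
        elif cfg["sslengine"] == "on" and "h2" in protocols and cfg["h2upgrade"] == "on":
            findings.append((name, "H2Upgrade on for h2 on an https: host"))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the first two virtual hosts and leaves `safe.example.test` unflagged, since it enables h2 only over TLS without `H2Upgrade on`.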

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197

https://cwe.mitre.org/data/definitions/444.html
