CVE-2019-0196

Vulnerability Summary

A vulnerability in the Apache HTTP Server could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. The vulnerability exists because the affected software improperly accesses previously freed memory when determining a request method. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the malicious user to access sensitive information, which could be used to launch additional attacks. Apache has confirmed the vulnerability and released software updates.

Vendor Advisories

A use-after-free issue has been found in the http/2 request handling code of Apache HTTPd <= 2.4.18 and >= 2.4.38. Using crafted network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly ...
Several vulnerabilities have been found in the Apache HTTP server. CVE-2018-17189: Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2. By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service ...
Several security issues were fixed in the Apache HTTP Server ...

Mailing Lists

Debian Security Advisory DSA-4422-1, security () debian org, www.debian.org/security/, Stefan Fritsch, April 03, 2019, www.debian.org/security/faq ...
CVE-2019-0196: mod_http2, read-after-free on a string compare. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: httpd 2.4.17 to 2.4.38. Description: Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the ...