Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
440
VMScore

CVE-2019-0197

Published: 11/06/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6
VMScore: 440
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P
Subscribe to Http Server

Vulnerability Summary

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

fedoraproject fedora 30

opensuse leap 42.3

opensuse leap 15.0

redhat jboss_core_services 1.0

oracle retail xstore point of service 7.1

oracle retail xstore point of service 7.0

oracle http server 12.2.1.3.0

oracle enterprise manager ops center 12.3.3

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle enterprise manager ops center 12.4.0

oracle communications session report manager 8.1.1

oracle communications session report manager 8.2.0

oracle communications session route manager 8.1.1

oracle communications session route manager 8.2.0

oracle communications session route manager 8.0.0

oracle communications session route manager 8.1.0

oracle communications session report manager 8.0.0

oracle communications session report manager 8.1.0

Vendor Advisories

Ubuntu Security Notice: apache2 vulnerabilities
Several security issues were fixed in Apache ...
Ubuntu Security Notice: apache2 regression
USN-4113-1 introduced a regression in Apache ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has r ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update Type/Severity Security Advisory: Important Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat ...
Red Hat: Moderate: httpd:2.4 security, bug fix, and enhancement update
Synopsis Moderate: httpd:24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabi ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2437 zip releasefor RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 6 Type/Severity Security Advisory: Important Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for R ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 Security Release on RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Amazon Linux AMI: ALAS-2019-1189
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211) A vulnerability was found in ...
Amazon Linux 2: ALAS2-2019-1189
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211) mod_http2: read-after-free on ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-946 apache 2438-1 2439-1 Medium Testing ...

References

CWE-444https://support.f5.com/csp/article/K44591505https://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.securityfocus.com/bid/107665http://www.openwall.com/lists/oss-security/2019/04/02/2http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.htmlhttps://security.netapp.com/advisory/ntap-20190617-0002/https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_ushttps://usn.ubuntu.com/4113-1/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://access.redhat.com/errata/RHSA-2019:3933https://access.redhat.com/errata/RHSA-2019:3935https://access.redhat.com/errata/RHSA-2019:3932https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Ehttps://nvd.nist.govhttps://usn.ubuntu.com/4113-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook