LOGIN
CONTACT SALES
LOGIN
CONTACT SALES

Apache – CVE-2019-0197

Description

Cytrix has detected that the Apache HTTP Server version being used might be vulnerable to Inconsistent Interpretation of HTTP Requests.
Also known as CVE-2019-0197.

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfigurations and eventually crash.

Severity/Score

CVSS Version 3.x – 4.2 Medium

Recommendation

To fix CVE-2019-0197, upgrade your Apache Server to version 2.4.38.

Servers that never enabled the h2 protocol or that only enabled it for https: and did not set “H2Upgrade on” are unaffected by this issue.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197

https://cwe.mitre.org/data/definitions/444.html

< Return to all Vulnerabilities

Request a Demo

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Cytrix! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »
Facebook Linkedin

Company

Resources

Docs

Latest posts

PING US
Facebook Linkedin