Apache – CVE-2019-0190

Description

Cytrix has detected that the version of Apache being used has a bug that exists in the way mod_ssl handled client re-negotiations.

Remote attackers can abuse it to send carefully crafted requests that would cause mod_ssl to enter a “loop” leading to service being denied (DoS). Also known as CVE-2019-0190.

Severity/Score

CVSS Version 3.x – 7.5 High

Recommendation

This bug can be only triggered with Apache HTTP Server in version 2.4.37 when using OpenSSL version 1.1.1 or later.
That happens due to an interaction in changes to handling of renegotiation attempts.

To deal with CVE-2019-0190, update your Apache to version 2.4.38 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Cytrix! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »