Description
Cytrix has detected that the version of Apache being used has a bug that exists in the way mod_ssl handled client re-negotiations.
Remote attackers can abuse it to send carefully crafted requests that would cause mod_ssl to enter a “loop” leading to service being denied (DoS). Also known as CVE-2019-0190.
Severity/Score
CVSS Version 3.x – 7.5 High
Recommendation
This bug can be only triggered with Apache HTTP Server in version 2.4.37 when using OpenSSL version 1.1.1 or later.
That happens due to an interaction in changes to handling of renegotiation attempts.
To deal with CVE-2019-0190, update your Apache to version 2.4.38 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190