Back to search
CVE-2019-0196
Published: Jun 11, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected 2.4.17 to 2.4.38 |
References
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
[oss-security] 20190401 CVE-2019-0196: mod_http2, read-after-free on a string compare
mailing-list
x_refsource_MLIST
107669
vdb-entry
x_refsource_BID
20190403 [SECURITY] [DSA 4422-1] apache2 security update
mailing-list
x_refsource_BUGTRAQ
USN-3937-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2019-cf7695b470
vendor-advisory
x_refsource_FEDORA
DSA-4422
vendor-advisory
x_refsource_DEBIAN
http://www.apache.org/dist/httpd/CHANGES_2.4.39
x_refsource_MISC
openSUSE-SU-2019:1190
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1209
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1258
vendor-advisory
x_refsource_SUSE
https://support.f5.com/csp/article/K44591505
x_refsource_CONFIRM
FEDORA-2019-08e57d15fd
vendor-advisory
x_refsource_FEDORA
[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
mailing-list
x_refsource_MLIST
[httpd-cvs] 20190611 svn commit: r1046148 - in /websites/production/httpd/content: ./ mail
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20190617-0002/
x_refsource_CONFIRM
FEDORA-2019-c7187e6dc7
vendor-advisory
x_refsource_FEDORA
RHSA-2019:3933
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3935
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3932
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now