Back to search
CVE-2019-0197
Published: Jun 11, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected 2.4.34 to 2.4.38 |
References
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
[oss-security] 20190401 CVE-2019-0197: mod_http2, possible crash on late upgrade
mailing-list
x_refsource_MLIST
107665
vdb-entry
x_refsource_BID
FEDORA-2019-cf7695b470
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2019:1190
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1209
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1258
vendor-advisory
x_refsource_SUSE
https://support.f5.com/csp/article/K44591505
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190617-0002/
x_refsource_CONFIRM
USN-4113-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:3933
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3935
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3932
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now