CVE-2019-0197medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
References
https://support.f5.com/csp/article/K44591505
https://lists.apache.org/thread.html/[email protected]%3Cdev.httpd.apache.org%3E
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.securityfocus.com/bid/107665
http://www.openwall.com/lists/oss-security/2019/04/02/2
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
https://security.netapp.com/advisory/ntap-20190617-0002/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
https://usn.ubuntu.com/4113-1/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
https://access.redhat.com/errata/RHSA-2019:3932
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Details
Source: MITRE
Published: 2019-06-11
Updated: 2021-06-06
Type: CWE-444
Risk Information
CVSS v2
Base Score: 4.9
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P
Impact Score: 4.9
Exploitability Score: 6.8
Severity: MEDIUM
CVSS v3
Base Score: 4.2
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Impact Score: 2.5
Exploitability Score: 1.6
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.4.17 to 2.4.38 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145821 | CentOS 8 : httpd:2.4 (CESA-2020:4751) | Nessus | CentOS Local Security Checks | critical |
| 142762 | Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751) | Nessus | Oracle Linux Local Security Checks | critical |
| 142397 | RHEL 8 : httpd:2.4 (RHSA-2020:4751) | Nessus | Red Hat Local Security Checks | critical |
| 137705 | RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644) | Nessus | Red Hat Local Security Checks | medium |
| 134781 | EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1289) | Nessus | Huawei Local Security Checks | medium |
| 131216 | RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | high |
| 131215 | RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | high |
| 128993 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering) | Nessus | Ubuntu Local Security Checks | critical |
| 128412 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering) | Nessus | Ubuntu Local Security Checks | critical |
| 126777 | Oracle Enterprise Manager Ops Center (Jul 2019 CPU) | Nessus | Misc. | critical |
| 124541 | Fedora 30 : httpd (2019-cf7695b470) | Nessus | Fedora Local Security Checks | high |
| 124264 | openSUSE Security Update : apache2 (openSUSE-2019-1258) | Nessus | SuSE Local Security Checks | high |
| 124125 | Amazon Linux 2 : httpd (ALAS-2019-1189) | Nessus | Amazon Linux Local Security Checks | high |
| 124102 | openSUSE Security Update : apache2 (openSUSE-2019-1209) | Nessus | SuSE Local Security Checks | high |
| 124017 | openSUSE Security Update : apache2 (openSUSE-2019-1190) | Nessus | SuSE Local Security Checks | high |
| 123958 | Amazon Linux AMI : httpd24 (ALAS-2019-1189) | Nessus | Amazon Linux Local Security Checks | high |
| 98530 | Apache 2.4.x < 2.4.39 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
| 700509 | Apache HTTP Server < 2.4.39 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 123785 | SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1) | Nessus | SuSE Local Security Checks | high |
| 123782 | SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1) | Nessus | SuSE Local Security Checks | high |
| 123642 | Apache 2.4.x < 2.4.39 Multiple Vulnerabilities | Nessus | Web Servers | high |