Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2019-0197

CVE information

Published

3 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

Description

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue..

CVSSv2.0 Score

Severity
Medium
Base Score
4.9/10
Exploit Score
6.8/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
Single
Impact Score
4.9/10
Confidentiality Impact
None
Availability Impact
Partial
Integrity Impact
Partial

CVSSv3.1 Score

Severity
Medium
Base Score
4.2/10
Exploit Score
1.6/10
Access Vector
Network
Access Complexity
High
Privileges Required
Low
Impact Score
2.5/10
Confidentiality Impact
None
Availability Impact
Low
Integrity Impact
Low
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  Yes
2.4.17 -

References