ID CVE-2019-0196
Summary A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.4.17
    cpe:2.3:a:apache:http_server:2.4.17
  • Apache Software Foundation Apache HTTP Server 2.4.18
    cpe:2.3:a:apache:http_server:2.4.18
  • Apache Software Foundation HTTP Server 2.4.19
    cpe:2.3:a:apache:http_server:2.4.19
  • Apache Software Foundation HTTP Server 2.4.20
    cpe:2.3:a:apache:http_server:2.4.20
  • Apache Software Foundation Apache HTTP Server 2.4.21
    cpe:2.3:a:apache:http_server:2.4.21
  • Apache Software Foundation Apache HTTP Server 2.4.22
    cpe:2.3:a:apache:http_server:2.4.22
  • Apache Software Foundation HTTP Server 2.4.23
    cpe:2.3:a:apache:http_server:2.4.23
  • Apache Software Foundation HTTP Server 2.4.24
    cpe:2.3:a:apache:http_server:2.4.24
  • Apache Software Foundation Apache HTTP Server 2.4.25
    cpe:2.3:a:apache:http_server:2.4.25
  • Apache Software Foundation Apache HTTP Server 2.4.26
    cpe:2.3:a:apache:http_server:2.4.26
  • Apache Software Foundation Apache HTTP Server 2.4.27
    cpe:2.3:a:apache:http_server:2.4.27
  • Apache Software Foundation Apache HTTP Server 2.4.28
    cpe:2.3:a:apache:http_server:2.4.28
  • Apache Software Foundation Apache HTTP Server 2.4.29
    cpe:2.3:a:apache:http_server:2.4.29
  • Apache Software Foundation HTTP Server 2.4.30
    cpe:2.3:a:apache:http_server:2.4.30
  • Apache Software Foundation Apache HTTP Server 2.4.32
    cpe:2.3:a:apache:http_server:2.4.32
  • Apache Software Foundation Apache HTTP Server 2.4.33
    cpe:2.3:a:apache:http_server:2.4.33
  • Apache Software Foundation HTTP Server 2.4.34
    cpe:2.3:a:apache:http_server:2.4.34
  • Apache Software Foundation HTTP Server 2.4.35
    cpe:2.3:a:apache:http_server:2.4.35
  • Apache Software Foundation HTTP Server 2.4.36
    cpe:2.3:a:apache:http_server:2.4.36
  • Apache Software Foundation HTTP Server 2.4.37
    cpe:2.3:a:apache:http_server:2.4.37
  • Apache Software Foundation HTTP Server 2.4.38
    cpe:2.3:a:apache:http_server:2.4.38
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
Last major update 11-06-2019 - 18:29
Published 11-06-2019 - 18:29
Last modified 17-06-2019 - 15:15
Back to Top