CVE-2019-0197 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-946 | apache | 2.4.38-1 | 2.4.39-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Apr 2019 | ASA-201904-3 | AVG-946 | apache | Critical | multiple issues |
| References |
|---|
https://httpd.apache.org/security/vulnerabilities_24.html |