CVE-2019-0197 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this.
Group Package Affected Fixed Severity Status Ticket
AVG-946 apache 2.4.38-1 2.4.39-1 Critical Fixed
Date Advisory Group Package Severity Description
05 Apr 2019 ASA-201904-3 AVG-946 apache Critical multiple issues
References
https://httpd.apache.org/security/vulnerabilities_24.html