CVE-2019-0197 vulnerability in Apache and Other Products
Published on June 11, 2019
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Products Associated with CVE-2019-0197
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-0197 are published in these products:
Affected Versions
Apache Software Foundation Apache HTTP Server Version 2.4.34 to 2.4.38 is affected by CVE-2019-0197Exploit Probability
EPSS
2.27%
Percentile
84.41%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.