CVE-2019-0197
Published Jun 11, 2019
Last updated a year ago
Overview
- Description
- A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
- Source
- security@apache.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.2
- Impact score
- 2.5
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 4.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-444
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AF58E59-C3D5-4899-808C-7D2F4DF93DFD",
"versionEndIncluding": "2.4.38",
"versionStartIncluding": "2.4.34"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B"
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
}
],
"operator": "OR"
}
]
}
]