PT-2019-2672 · Apache+7 · Apache HTTP Server+7

Published: 2019-04-01 · Updated: 2021-06-06 · CVE-2019-0196

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.17 through 2.4.38

Description

A vulnerability was discovered in the Apache HTTP Server, specifically in the mod_http2 module, related to the use of freed memory. A remote attacker could cause a denial of service or access sensitive information by sending a specially crafted request. With fuzzed network input, the HTTP/2 request handling can access freed memory during a string comparison when determining the method of a request, which leads to the request being processed incorrectly.

Recommendations

For Apache HTTP Server versions 2.4.17 through 2.4.38, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the HTTP/2 protocol until a patch is available. Restrict access to the mod_http2 module to minimize the risk of exploitation.

Fix

DoS

Use After Free

Weakness Enumeration

Related identifiers

ALSA-2020:4751
ALT-PU-2019-1580
BDU:2019-02559
CESA-2020_4751
CVE-2019-0196
DSA-4422-1
OPENSUSE-SU-2019:1209-1
OPENSUSE-SU-2019_1190-1
OPENSUSE-SU-2019_1209-1
OPENSUSE-SU-2019_1258-1
RHSA-2019:3932
RHSA-2019:3933
RHSA-2020:2644
RHSA-2020:4751
RHSA-2020_4751
RLSA-2020:4751
SUSE-SU-2019:0873-1
SUSE-SU-2019:0878-1
USN-3937-1

Affected products

ALT Linux
AlmaLinux
Apache HTTP Server
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu