PT-2019-3123 · Apache+2 · Apache Http Server+2
Published: 2019-01-22 · Updated: 2021-07-20
CVE-2019-0190
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server version 2.4.37
OpenSSL versions 1.1.1 or earlier
Description
A problem exists in the way mod_ssl handles client renegotiations: a remote attacker can send a specially crafted request that causes mod_ssl to enter a loop, leading to a denial of service. The issue is triggered by an interaction in changes to the handling of renegotiation attempts when using Apache HTTP Server with OpenSSL.
Recommendations
For Apache HTTP Server version 2.4.37, consider disabling the renegotiation feature as a temporary workaround until a patch is available.
For OpenSSL versions 1.1.1 or earlier, restrict the use of the TLS connection renegotiation parameter to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Infinite Loop
Affected products
Alt Linux
Apache Http Server
Openssl