Launchpad CVE tracker

CVE 2019-0197

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.

Related bugs and status

CVE-2019-0197 (Candidate) is related to these bugs:

Bug #1840188: Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

Summary				In	Importance	Status
	1840188	Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 107665
CONFIRM: https://httpd.apache.o...
CONFIRM: https://security.netap...
CONFIRM: https://support.f5.com...
FEDORA: FEDORA-2019-cf7695b470
MISC: https://lists.apache.o...
MLIST: [oss-security] 2019040...
SUSE: openSUSE-SU-2019:1190
SUSE: openSUSE-SU-2019:1209
SUSE: openSUSE-SU-2019:1258
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
CONFIRM: https://support.hpe.co...
UBUNTU: USN-4113-1
MISC: https://www.oracle.com...
REDHAT: RHSA-2019:3932
REDHAT: RHSA-2019:3933
REDHAT: RHSA-2019:3935
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210606 s...

Launchpad.net

CVE 2019-0197

Related bugs and status

Related bugs

References