CVE-2019-0196
moderate-risk
Published 2019-06-11
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the HTTP/2 request handling could be made to access freed memory in a string comparison when determining the method of a request, and thus process the request incorrectly.
Do I need to act?
9.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10
Medium
NETWORK / LOW complexity
Affected Products (6)
References (72)
Release Notes
http://www.apache.org/dist/httpd/CHANGES_2.4.39
Third Party Advisory
http://www.securityfocus.com/bid/107669
Vendor Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
and 52 more references
45 / 100
moderate-risk
Severity
21/34 · High
Exploitability
11/34 · Low
Exposure
13/34 · Low