Vulnerability Details : CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
Products affected by CVE-2019-0196
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Threat overview for CVE-2019-0196
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2019-0196: 3,121,994
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-0196
EPSS score: 8.20% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-0196
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-0196
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0196
- https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
  HPESBUX03950 rev.1 - HP-UX Web Server Suite running Apache on HP-UX 11iv3, Multiple Remote Vulnerabilities
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020
- http://www.apache.org/dist/httpd/CHANGES_2.4.39
  Tags: Release Notes; Vendor Advisory
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
  Pony Mail!
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
  Pony Mail!
- https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E
  svn commit: r1046148 - in /websites/production/httpd/content: ./ mail - Pony Mail
  Tags: Mailing List; Vendor Advisory
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  Page not found | Oracle
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
  [security-announce] openSUSE-SU-2019:1190-1: important: Security update
  Tags: Mailing List; Patch; Third Party Advisory
- https://seclists.org/bugtraq/2019/Apr/5
  Bugtraq: [SECURITY] [DSA 4422-1] apache2 security update
  Tags: Mailing List; Third Party Advisory
- https://httpd.apache.org/security/vulnerabilities_24.html
  httpd 2.4 vulnerabilities - The Apache HTTP Server Project
  Tags: Vendor Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Oracle Critical Patch Update - July 2019
- https://security.netapp.com/advisory/ntap-20190617-0002/
  June 2019 Apache HTTP Server Vulnerabilities in NetApp Products | NetApp Product Security
- http://www.securityfocus.com/bid/107669
  Apache httpd CVE-2019-0196 Security Bypass Vulnerability
  Tags: VDB Entry; Third Party Advisory
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
  [SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30 - package-announce - Fedora Mailing-Lists
  Tags: Mailing List; Patch; Third Party Advisory
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ - Pony Mail
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/
  [SECURITY] Fedora 29 Update: mod_http2-1.15.1-1.fc29 - package-announce - Fedora Mailing-Lists
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail
- https://usn.ubuntu.com/3937-1/
  USN-3937-1: Apache HTTP Server vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E
  svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml - Pony Mail
  Tags: Mailing List; Vendor Advisory
- https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ - Pony Mail
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
  Pony Mail!
- http://www.openwall.com/lists/oss-security/2019/04/02/1
  oss-security - CVE-2019-0196: mod_http2, read-after-free on a string compare
  Tags: Mailing List; Mitigation; Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/
  [SECURITY] Fedora 30 Update: mod_http2-1.15.0-1.fc30 - package-announce - Fedora Mailing-Lists
  Tags: Mailing List; Patch; Third Party Advisory
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
  Pony Mail!
- https://access.redhat.com/errata/RHSA-2019:3935
  RHSA-2019:3935 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2019:3932
  RHSA-2019:3932 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2019:3933
  RHSA-2019:3933 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
  [security-announce] openSUSE-SU-2019:1209-1: important: Security update
  Tags: Mailing List; Patch; Third Party Advisory
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
- https://www.debian.org/security/2019/dsa-4422
  Debian -- Security Information -- DSA-4422-1 apache2
  Tags: Third Party Advisory
- https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
  svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ - Pony Mail
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
  [security-announce] openSUSE-SU-2019:1258-1: important: Security update
  Tags: Mailing List; Patch; Third Party Advisory
- https://support.f5.com/csp/article/K44591505
  Tags: Third Party Advisory