CVE-2019-0190
Description
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
18.924
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 2.4.38 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 1.1.1 | Windows |
| Vulnerabilities CVE-2019-0190 are fixed in Apache 2.4.38 | Windows |
| Update Apache to version 2.4.38 (For Linux) | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234