Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Bugtraq ID:	106743
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2019-0190
Remote:	Yes
Local:	No
Published:	Jan 22 2019 12:00AM
Updated:	Jul 17 2019 09:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Oracle Retail Xstore Point of Service 7.1 Oracle Retail Xstore Point of Service 7.0 Oracle Instantis EnterpriseTrack 17.3 Oracle Instantis EnterpriseTrack 17.2 Oracle Instantis EnterpriseTrack 17.1 Apache Apache 2.4.37
Not Vulnerable:	Apache Apache 2.4.38

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Apache HTTP Server is prone to a denial-of-service vulnerability.

Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users.

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache HTTP Server CVE-2019-0190 Denial of Service Vulnerability

References:

• Apache Homepage (Apache)
  
• Bug 1668488 (CVE-2019-0190) - CVE-2019-0190 httpd: mod_ssl: remote DoS when used (Red Hat Bugzilla)
  
• CVE-2019-0190 (Red Hat Bugzilla)
  
• CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 (Seclist)
  
• Apache httpd 2.4 vulnerabilities (Apache)