CVE-2019-0197Apache HTTP Server 安全漏洞 发布时间:2019-04-01类型:CANstatus:Candidatephase:Assigned数据库:HTTPhttps 漏洞描述Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server中存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。以下产品及版本受到影响:Apache HTTP Server 2.4.38版本,2.4.37版本,2.4.35版本,2.4.34版本。
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. |
请发表评论