Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Use After Free Vulnerability (CVE-2019-0196)

Description

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

Remediation

References

Related Vulnerabilities

WordPress Plugin Bold Page Builder PHP Object Injection (3.1.5)

WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-6358)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0786)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)

Severity

Medium

Classification

CVE-2019-0196 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Tags

Missing Update Known Vulnerabilities