Vulnerability in Apache Software Foundation Http Server
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTT…
EPSS: 0.599 (99.0th percentile)
Affected products
- Apache Software Foundation Http Server — versions Apache HTTP Server 2.4.37
Public proof-of-concept exploits
References
- 106743 (vdb-entry, x_refsource_BID)
- GLSA-201903-21 (vendor-advisory, x_refsource_GENTOO)
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (mailing-list, x_refsource_MLIST)
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (x_refsource_MISC)
- httpd.apache.org/security/vulnerabilities_24.html (x_refsource_CONFIRM)
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2019-0190?
- CVE-2019-0190 is a vulnerability in Apache Software Foundation Http Server. Published 2019-01-30.
- Is CVE-2019-0190 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.