VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4sss-a8ne-kqbc

Vulnerability ID	VCID-4sss-a8ne-kqbc
Aliases	CVE-2019-0197
Summary	When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-444

System	Score	Found at
cvssv3	4.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
epss	0.02193	https://api.first.org/data/v1/epss?cve=CVE-2019-0197
apache_httpd	low	https://httpd.apache.org/security/json/CVE-2019-0197.json
archlinux	Critical	https://security.archlinux.org/AVG-946

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-0197
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197
1695042		https://bugzilla.redhat.com/show_bug.cgi?id=1695042
ASA-201904-3		https://security.archlinux.org/ASA-201904-3
AVG-946		https://security.archlinux.org/AVG-946
CVE-2019-0197		https://httpd.apache.org/security/json/CVE-2019-0197.json
RHSA-2019:3932		https://access.redhat.com/errata/RHSA-2019:3932
RHSA-2019:3933		https://access.redhat.com/errata/RHSA-2019:3933
RHSA-2019:3935		https://access.redhat.com/errata/RHSA-2019:3935
RHSA-2020:2644		https://access.redhat.com/errata/RHSA-2020:2644
RHSA-2020:2646		https://access.redhat.com/errata/RHSA-2020:2646
RHSA-2020:4751		https://access.redhat.com/errata/RHSA-2020:4751
USN-4113-1		https://usn.ubuntu.com/4113-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:36:22.008978+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2019-0197.json	38.0.0