-
Hello. I have a question about the aforementioned CVE-2019-0190. Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
I do not see this is reported as open for openssl-1.1.1 in NVD - the openssl-1.1.1 or higher is just a condition |
Beta Was this translation helpful? Give feedback.
-
According to the CVE this is an issue specific to Apache HTTP Server version 2.4.37 and how it handles renegotiation. There is no indication that this is inherently an OpenSSL issue. Apache put out a fix, 2.4.38, on this CVE in 2019. I do not know why the CVE is still open with a fix available. https://httpd.apache.org/security/vulnerabilities_24.html |
Beta Was this translation helpful? Give feedback.
I do not see this is reported as open for openssl-1.1.1 in NVD - the openssl-1.1.1 or higher is just a condition
Running on/with
. It is not marked as an OpenSSL issue. IMO there is nothing to fix in this NVD entry.