
CVE-2018-16844

Published: 06 Nov 2018
Source: redhat
CVSS3: 5.3

Description

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Report

This issue did not affect the versions of rh-nginx18-nginx as shipped with Red Hat Software Collections as they did not include the vulnerable module ngx_http_v2_module.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | nginx | Not affected | | |
| Red Hat Ansible Tower 3 | nginx | Not affected | | |
| Red Hat Enterprise Linux 8 | nginx | Not affected | | |
| Red Hat Software Collections | rh-nginx110-nginx | Will not fix | | |
| Red Hat Software Collections | rh-nginx18-nginx | Not affected | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx112-nginx | Fixed | RHSA-2018:3680 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx114-nginx | Fixed | RHSA-2018:3681 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-nginx112-nginx | Fixed | RHSA-2018:3680 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-nginx114-nginx | Fixed | RHSA-2018:3681 | 27.11.2018 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-nginx112-nginx | Fixed | RHSA-2018:3680 | 27.11.2018 |


Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1644510 nginx: Excessive CPU usage via flaw in HTTP/2 implementation

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 7 years ago

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS3: 7.5
nvd
about 7 years ago

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS3: 7.5
debian
about 7 years ago

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...

CVSS3: 7.5
github
more than 3 years ago

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS3: 7.5
fstec
more than 7 years ago

Vulnerability in the HTTP/2 protocol implementation of the nginx server that allows an attacker to cause a denial of service
