Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-17189

Опубликовано: 22 янв. 2019
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5httpdNot affected
Red Hat Enterprise Linux 5httpdNot affected
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat JBoss Enterprise Application Platform 5httpdNot affected
Red Hat JBoss Enterprise Application Platform 6httpdNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat JBoss Web Server 3httpdNot affected
Red Hat Virtualization 4rhvm-applianceNot affected
JBoss Core Services on RHEL 6jbcs-httpd24-aprFixedRHSA-2019:393220.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1668497httpd: mod_http2: DoS via slow, unneeded request bodies

EPSS

Процентиль: 89%
0.04923
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-17189

CVSS3: 5.3
ubuntu
больше 6 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

nvd логотип

CVE-2018-17189

CVSS3: 5.3
nvd
больше 6 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

debian логотип

CVE-2018-17189

CVSS3: 5.3
debian
больше 6 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...

github логотип

GHSA-xcwr-pcwv-7gm8

CVSS3: 5.3
github
около 3 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

fstec логотип

BDU:2019-01749

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость веб-сервера Apache HTTP Server, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 89%
0.04923
Низкий

4.3 Medium

CVSS3