Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-17189

Опубликовано: 22 янв. 2019
Источник: redhat
CVSS3: 4.3

Описание

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5httpdNot affected
Red Hat Enterprise Linux 5httpdNot affected
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat JBoss Enterprise Application Platform 5httpdNot affected
Red Hat JBoss Enterprise Application Platform 6httpdNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat JBoss Web Server 3httpdNot affected
Red Hat Virtualization 4rhvm-applianceNot affected
JBoss Core Services on RHEL 6jbcs-httpd24-aprFixedRHSA-2019:393220.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1668497httpd: mod_http2: DoS via slow, unneeded request bodies

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-17189

CVSS3: 5.3
ubuntu
почти 7 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

nvd логотип

CVE-2018-17189

CVSS3: 5.3
nvd
почти 7 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

debian логотип

CVE-2018-17189

CVSS3: 5.3
debian
почти 7 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...

github логотип

GHSA-xcwr-pcwv-7gm8

CVSS3: 5.3
github
больше 3 лет назад

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

fstec логотип

BDU:2019-01749

CVSS3: 5.3
fstec
около 7 лет назад

Уязвимость веб-сервера Apache HTTP Server, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

4.3 Medium

CVSS3