Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-0190

Опубликовано: 22 янв. 2019
Источник: redhat
CVSS3: 6.5
EPSS Средний

Описание

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

A flaw was found in the way mod_ssl handled client renegotiations. A remote attacker could send a malicious request to cause mod_ssl to enter an infinite loop resulting in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5httpdNot affected
Red Hat Enterprise Linux 5httpdNot affected
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat Enterprise Linux 8httpdNot affected
Red Hat JBoss Core ServiceshttpdNot affected
Red Hat JBoss Enterprise Application Platform 5httpdNot affected
Red Hat JBoss Enterprise Application Platform 6httpdNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat JBoss Web Server 3httpdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1668488httpd: mod_ssl: infinite loop triggered by client-initiated renegotiation when using OpenSSL 1.1.1

EPSS

Процентиль: 95%
0.18924
Средний

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-0190

CVSS3: 7.5
ubuntu
около 7 лет назад

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

nvd логотип

CVE-2019-0190

CVSS3: 7.5
nvd
около 7 лет назад

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

debian логотип

CVE-2019-0190

CVSS3: 7.5
debian
около 7 лет назад

A bug exists in the way mod_ssl handled client renegotiations. A remot ...

github логотип

GHSA-m3q7-x278-m229

CVSS3: 7.5
github
больше 3 лет назад

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

fstec логотип

BDU:2019-03106

CVSS3: 7.5
fstec
около 7 лет назад

Уязвимость модуля mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 95%
0.18924
Средний

6.5 Medium

CVSS3