{"containers": {"cna": {"affected": [{"product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "2.4.17 to 2.4.37"}]}], "datePublic": "2019-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."}], "problemTypes": [{"descriptions": [{"description": "mod_http2, DoS via slow request bodies", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:10:55", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "106685", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106685"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"}, {"name": "FEDORA-2019-0300c36537", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"}, {"name": "FEDORA-2019-133a8a7cb5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"}, {"name": "GLSA-201903-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-21"}, {"name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Apr/5"}, {"name": "USN-3937-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3937-1/"}, {"name": "DSA-4422", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4422"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4126", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4126"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2019-09"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2019-01-22T00:00:00", "ID": "CVE-2018-17189", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache HTTP Server", "version": {"version_data": [{"version_value": "2.4.17 to 2.4.37"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "mod_http2, DoS via slow request bodies"}]}]}, "references": {"reference_data": [{"name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "106685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106685"}, {"name": "https://security.netapp.com/advisory/ntap-20190125-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"}, {"name": "FEDORA-2019-0300c36537", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"}, {"name": "FEDORA-2019-133a8a7cb5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"}, {"name": "GLSA-201903-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-21"}, {"name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/5"}, {"name": "USN-3937-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3937-1/"}, {"name": "DSA-4422", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4422"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"}, {"name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4126", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4126"}, {"name": "https://www.tenable.com/security/tns-2019-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-09"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:39:59.646Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "106685", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106685"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"}, {"name": "FEDORA-2019-0300c36537", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"}, {"name": "FEDORA-2019-133a8a7cb5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"}, {"name": "GLSA-201903-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-21"}, {"name": "20190403 [SECURITY] [DSA 4422-1] apache2 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/5"}, {"name": "USN-3937-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3937-1/"}, {"name": "DSA-4422", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4422"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4126", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4126"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2019-09"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-17189", "datePublished": "2019-01-30T22:00:00Z", "dateReserved": "2018-09-19T00:00:00", "dateUpdated": "2024-09-17T01:21:57.609Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "FBB3ED63-45CA-44AB-973C-9AD2569AD800", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "FF30AD98-9CBA-456E-A827-79FCEDEB30A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "C117BF2F-1E5B-4AEC-8770-3153E5B4CD07", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "437BC6D8-D103-452C-9C86-D89FC977A50F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "B652B1D0-CCDA-46C6-BCFE-A1478CD0A0DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "matchCriteriaId": "344A54D6-1120-4EFB-990D-2837562889A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "matchCriteriaId": "9BA36996-04B2-4DFB-86BC-4E655347E06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "matchCriteriaId": "BD011C87-5F0C-48AE-88A7-B3A9BD8144EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "matchCriteriaId": "DE5F8320-A680-4E2F-B32F-F7DBEED09ED6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "517A2282-C254-49EB-A52D-FC2B45E70ADD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."}, {"lang": "es", "value": "En Apache HTTP Server, en sus versiones 2.4.37 y anteriores, mediante el env\u00edo de cuerpos de respuesta mediante la t\u00e9cnica del \"slow loris\" a recursos planos, la transmisi\u00f3n h2 para esa petici\u00f3n ocup\u00f3 de forma innecesaria un hilo de servidor que limpiaba tales datos entrantes. Esto afecta solo a las conexiones HTTP/2 (mod_http2)."}], "id": "CVE-2018-17189", "lastModified": "2023-11-07T02:54:11.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-30T22:29:00.357", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106685"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4126"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"}, {"source": "security@apache.org", "tags": ["Mailing List", "Issue Tracking", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/5"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-21"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3937-1/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4422"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-09"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2020:4751", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "httpd:2.4-8030020200818000036.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2019:3935", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "httpd", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-0:1.1-19.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-15.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-0:1.1-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-15.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-0:1.1-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-15.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-0:1.1-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-15.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-0:1.1-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-15.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4126", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-12-10T00:00:00Z"}], "bugzilla": {"description": "httpd: mod_http2: DoS via slow, unneeded request bodies", "id": "1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."], "name": "CVE-2018-17189", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "httpd", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "rhvm-appliance", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-01-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-17189\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17189"], "threat_severity": "Low", "upstream_fix": "httpd 2.4.38"}