{
"id" : "CVE-2018-17189" ,
"sourceIdentifier" : "security@apache.org" ,
"published" : "2019-01-30T22:29:00.357" ,
"lastModified" : "2023-11-07T02:54:11.787" ,
"vulnStatus" : "Modified" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."
} ,
{
"lang" : "es" ,
"value" : "En Apache HTTP Server, en sus versiones 2.4.37 y anteriores, mediante el env\u00edo de cuerpos de petici\u00f3n mediante la t\u00e9cnica del \"slow loris\" a recursos planos, la transmisi\u00f3n h2 para esa petici\u00f3n ocup\u00f3 de forma innecesaria un hilo de servidor que limpiaba tales datos entrantes. Esto afecta solo a las conexiones HTTP/2 (mod_http2)."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 1.4
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "PARTIAL" ,
"baseScore" : 5.0
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-400"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E1F45B27-504B-4202-87B8-BD3B094003F1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F2FB2B98-DFD2-420A-8A7F-9B288651242F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B803D25B-0A19-4569-BA05-09D58F33917C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8510442C-212F-4013-85FA-E0AB59F6F2C6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FBB3ED63-45CA-44AB-973C-9AD2569AD800"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF30AD98-9CBA-456E-A827-79FCEDEB30A1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C117BF2F-1E5B-4AEC-8770-3153E5B4CD07"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "437BC6D8-D103-452C-9C86-D89FC977A50F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B652B1D0-CCDA-46C6-BCFE-A1478CD0A0DC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "344A54D6-1120-4EFB-990D-2837562889A2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9BA36996-04B2-4DFB-86BC-4E655347E06C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BD011C87-5F0C-48AE-88A7-B3A9BD8144EF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DE5F8320-A680-4E2F-B32F-F7DBEED09ED6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B7A6697-98CC-4E36-93DB-B7160F8399F9"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D100F7CE-FC64-4CC6-852A-6136D72DA419"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEECE5FC-CACF-4496-A3E7-164736409252"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1A3DC116-2844-47A1-BEC2-D0675DD97148"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F87FC90-16D0-4051-8280-B0DD4441F10B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "517A2282-C254-49EB-A52D-FC2B45E70ADD"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" ,
"matchCriteriaId" : "815D70A8-47D3-459C-A32C-9FEACA0659D1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" ,
"matchCriteriaId" : "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07C312A0-CD2C-4B9C-B064-6409B25C278F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A2466282-51AB-478D-9FF4-FA524265ED2E"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.securityfocus.com/bid/106685" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:3932" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:3933" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:3935" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:4126" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html" ,
"source" : "security@apache.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" ,
"source" : "security@apache.org"
} ,
{
"url" : "https://seclists.org/bugtraq/2019/Apr/5" ,
"source" : "security@apache.org" ,
"tags" : [
"Mailing List" ,
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/201903-21" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20190125-0001/" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://usn.ubuntu.com/3937-1/" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2019/dsa-4422" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.oracle.com/security-alerts/cpujan2020.html" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.tenable.com/security/tns-2019-09" ,
"source" : "security@apache.org" ,
"tags" : [
"Third Party Advisory"
]
}
]
}