CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Published : 2019-01-30 22:29 Updated : 2019-04-18 15:31

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Apache Http Server 2.4.37 cpe:/a:apache:http_server:2.4.37
Netapp Santricity Cloud Connector - cpe:/a:netapp:santricity_cloud_connector:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Fedoraproject Fedora 28 cpe:/o:fedoraproject:fedora:28
Fedoraproject Fedora 29 cpe:/o:fedoraproject:fedora:29
  1. Debian (1) Search CVE
    1. Debian Linux (1) Search CVE
      1. 9.0
  2. Netapp (2) Search CVE
    1. Santricity Cloud Connector (1) Search CVE
      1. -
    2. Storage Automation Store (1) Search CVE
      1. -
  3. Fedoraproject (1) Search CVE
    1. Fedora (2) Search CVE
      1. 28
      2. 29
  4. Apache (1) Search CVE
    1. Http Server (1) Search CVE
      1. 2.4.37

CWE

ID Name Description Links
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. CVE

History of changes

Date Event
2019-04-18 15:31
2019-03-23 04:29
2019-03-21 17:29
2019-02-15 19:10
2019-01-31 11:29
2019-01-30 22:29

New CVE