CVE-2018-17189

{"id": "CVE-2018-17189", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-01-30T22:29:00.357", "references": [{"url": "http://www.securityfocus.com/bid/106685", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3932", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3933", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3935", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:4126", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/", "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/", "source": "security@apache.org"}, {"url": "https://seclists.org/bugtraq/2019/Apr/5", "tags": ["Mailing List", "Issue Tracking", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201903-21", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://usn.ubuntu.com/3937-1/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.debian.org/security/2019/dsa-4422", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.tenable.com/security/tns-2019-09", "tags": ["Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections."}, {"lang": "es", "value": "En Apache HTTP Server, en sus versiones 2.4.37 y anteriores, mediante el env\u00edo de cuerpos de respuesta mediante la t\u00e9cnica del \"slow loris\" a recursos planos, la transmisi\u00f3n h2 para esa petici\u00f3n ocup\u00f3 de forma innecesaria un hilo de servidor que limpiaba tales datos entrantes. Esto afecta solo a las conexiones HTTP/2 (mod_http2)."}], "lastModified": "2023-11-07T02:54:11.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F45B27-504B-4202-87B8-BD3B094003F1"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2FB2B98-DFD2-420A-8A7F-9B288651242F"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B803D25B-0A19-4569-BA05-09D58F33917C"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8510442C-212F-4013-85FA-E0AB59F6F2C6"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB5673AB-53BB-40B2-83A7-8B82B2D0EBB8"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBB3ED63-45CA-44AB-973C-9AD2569AD800"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF30AD98-9CBA-456E-A827-79FCEDEB30A1"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C117BF2F-1E5B-4AEC-8770-3153E5B4CD07"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "437BC6D8-D103-452C-9C86-D89FC977A50F"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B652B1D0-CCDA-46C6-BCFE-A1478CD0A0DC"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344A54D6-1120-4EFB-990D-2837562889A2"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BA36996-04B2-4DFB-86BC-4E655347E06C"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD011C87-5F0C-48AE-88A7-B3A9BD8144EF"}, {"criteria": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5F8320-A680-4E2F-B32F-F7DBEED09ED6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}, {"criteria": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517A2282-C254-49EB-A52D-FC2B45E70ADD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@apache.org"}