Vulnerability CVE-2019-0190


Published: 2019-01-30

Description:
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
Oracle -> Enterprise manager ops center
Openssl -> Openssl
Netapp -> Santricity cloud connector
Apache -> Http server

 References:
http://www.securityfocus.com/bid/106743
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.gentoo.org/glsa/201903-21
https://security.netapp.com/advisory/ntap-20190125-0001/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Copyright 2020, cxsecurity.com

 
