CVE-2019-0190

Published: 30/01/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop, leading to a denial of service. This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to the handling of renegotiation attempts.

Vulnerable Product

apache http_server 2.4.37

oracle retail xstore point of service 7.1

oracle retail xstore point of service 7.0

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle enterprise manager ops center 12.3.3

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

Vendor Advisories

Debian Bug report logs - #920220 apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 22 Jan 2019 20:21:02 UTC; Seve ...
In Apache HTTP server, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections (CVE-2018-17189). A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send ...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided ...
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling ...

Github Repositories

Simulating a DoS attack - Client SSL Renegotiation - mod_ssl 2.4.37 & openssl 1.1.1

SIMPY_DoS: Simulating a DoS attack - Client SSL Renegotiation - mod_ssl 2.4.37 & openssl 1.1.1 (CVE 2019-0190). Requirements: SimPy version 231. This code simulates with SimPy parallel SSLConnection and many Renegotiation for each SSLConnection. Variables: time >> represents the CPU time of full handshake (You can observe, capture, and test your CPU time for

Jake GitHub Action play project. The Dockerfile in this project generates a list of conda packages for use by Jake, and more specifically, the jake-github-action. See the CI config in this project for an example of using the Jake Action. docker build -t conda-list docker run conda-list > packageslist The openssl package has a vul

References

NVD-CWE-noinfo
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20190125-0001/
http://www.securityfocus.com/bid/106743
https://security.gentoo.org/glsa/201903-21
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220
https://nvd.nist.gov
https://github.com/nanobug8/SIMPY_DoS
https://alas.aws.amazon.com/ALAS-2019-1166.html
https://access.redhat.com/security/cve/cve-2019-0190