CVE-2019-0190

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
apachehttp_server
2.4.37
oracleenterprise_manager_ops_center
12.3.3
oraclehospitality_guest_access
4.2.0
oraclehospitality_guest_access
4.2.1
oracleinstantis_enterprisetrack
17.1
oracleinstantis_enterprisetrack
17.2
oracleinstantis_enterprisetrack
17.3
oracleretail_xstore_point_of_service
7.0
oracleretail_xstore_point_of_service
7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
jessie
not-affected
sid
2.4.62-3
fixed
stretch
not-affected
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
bionic
not-affected
cosmic
not-affected
trusty
not-affected
xenial
not-affected
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
httpd24
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
httpd24-debuginfo
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
httpd24-devel
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
httpd24-manual
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
httpd24-tools
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
mod24_ldap
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
mod24_md
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
mod24_proxy_html
Amazon Linux 1
1:2.4.38-1.86.amzn1
fixed
mod24_session
Amazon Linux 1
0:2.4.38-1.86.amzn1
fixed
mod24_ssl
Amazon Linux 1
1:2.4.38-1.86.amzn1
fixed
References