CVE-2019-0190

CVE Database · CVE-2019-0190

CVE-2019-0190

· HIGHModified

CVSS v3.1

7.5

EPSS

59.94%

Published

Jan 30, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products (10)

apache · http_servervulnerable

openssl · openssl

oracle · enterprise_manager_ops_centervulnerable

oracle · hospitality_guest_accessvulnerable

oracle · instantis_enterprisetrackvulnerable

oracle · retail_xstore_point_of_servicevulnerable

References (20)

http://www.securityfocus.com/bid/106743

Third Party AdvisoryVDB Entry