Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Related bugs and status

CVE-2018-17189 (Candidate) is related to these bugs:

Bug #1840188: Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

Summary				In	Importance	Status
	1840188	Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://httpd.apache.o...
CONFIRM: https://security.netap...
BID: 106685
BUGTRAQ: 20190403 [SECURITY] [D...
DEBIAN: DSA-4422
FEDORA: FEDORA-2019-0300c36537
FEDORA: FEDORA-2019-133a8a7cb5
GENTOO: GLSA-201903-21
MISC: https://www.oracle.com...
UBUNTU: USN-3937-1
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
CONFIRM: https://support.hpe.co...
REDHAT: RHSA-2019:3932
REDHAT: RHSA-2019:3933
REDHAT: RHSA-2019:3935
REDHAT: RHSA-2019:4126
CONFIRM: https://www.tenable.co...
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210606 s...