Download
| Alert*
oval:org.secpod.oval:def:55066
The host is installed with Apache HTTP Server version 2.4.37 with OpenSSL version 1.1.1 or later and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the client negotiations by mod_ssl. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:1600980 A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or l ... oval:org.secpod.oval:def:1000590 The remote host is missing a patch 152644-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000452 The remote host is missing a patch 152643-07 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2104597 In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. oval:org.secpod.oval:def:1801294 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801296 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801297 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... oval:org.secpod.oval:def:1801348 CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation ... |