CVE-2018-17189

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-17189
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-17189
Downstream
Related
Published
2019-01-30T22:29:00.357Z
Modified
2026-04-16T00:06:15.264771069Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "12.3.3"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "4.2.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "4.2.1"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "17.1"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "17.2"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "17.3"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.1"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.8.6"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "18.10"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "28"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "29"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
47a9d8e8abf5697b4580c3ee2ade302b5c058fa6
Last affected
b7ef32c4957883ab17105fa82e6331bf48bed78a
Last affected
6e65a7f3dadcade4274ae53f734d4c35188e3786
Last affected
ef07cb031c6f8f7ac483c26fc858aad68c365fd9
Last affected
954dfbe8a95dac3b93e12761f65754104f1696ea
Last affected
3cdd2d84507d2a86eb5dab2eec96f1035bb76d6c
Last affected
b898ce7c11834c1ca9bcff7aa85f9d42ee254d26
Last affected
48a67b87136be1426f2cc84de9c4e1101b37a2b9
Last affected
a168e4e5bab311688e66564ad230f32818adbacc
Last affected
3fe4a02b4936b73a10009ac8ea2c742730ccbe42
Last affected
4a283f70d99e6535b0be857261d297946a7c58bc
Last affected
e0b198f98b01973f75cb734b3864c429945dbdb0
Last affected
69374fc08f3cda06a7acfc1cb6fe4fc0ce277f63
Last affected
6431bbb0da47dd984110dc32728a84e5cc990313
Last affected
8048373d9a8bd8c7237829b56a06485d5f5bf2e4
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.17"
        },
        {
            "last_affected": "2.4.18"
        },
        {
            "last_affected": "2.4.20"
        },
        {
            "last_affected": "2.4.23"
        },
        {
            "last_affected": "2.4.25"
        },
        {
            "last_affected": "2.4.26"
        },
        {
            "last_affected": "2.4.27"
        },
        {
            "last_affected": "2.4.28"
        },
        {
            "last_affected": "2.4.29"
        },
        {
            "last_affected": "2.4.30"
        },
        {
            "last_affected": "2.4.33"
        },
        {
            "last_affected": "2.4.34"
        },
        {
            "last_affected": "2.4.35"
        },
        {
            "last_affected": "2.4.37"
        },
        {
            "last_affected": "1.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

2.*
2.4.17
2.4.18
2.4.20
2.4.23
2.4.25
2.4.26
2.4.27
2.4.28
2.4.29
2.4.30
2.4.33
2.4.34
2.4.35
2.4.37
Other
HTTPD_LDAP_1_0_0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json"