CVE-2018-17189

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-17189
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-17189
Downstream
Related
Published
2019-01-30T22:29:00.357Z
Modified
2026-02-06T04:09:54.716615Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3cdd2d84507d2a86eb5dab2eec96f1035bb76d6c
Last affected
3fe4a02b4936b73a10009ac8ea2c742730ccbe42
Last affected
47a9d8e8abf5697b4580c3ee2ade302b5c058fa6
Last affected
48a67b87136be1426f2cc84de9c4e1101b37a2b9
Last affected
4a283f70d99e6535b0be857261d297946a7c58bc
Last affected
6431bbb0da47dd984110dc32728a84e5cc990313
Last affected
69374fc08f3cda06a7acfc1cb6fe4fc0ce277f63
Last affected
6e65a7f3dadcade4274ae53f734d4c35188e3786
Last affected
8048373d9a8bd8c7237829b56a06485d5f5bf2e4
Last affected
954dfbe8a95dac3b93e12761f65754104f1696ea
Last affected
a168e4e5bab311688e66564ad230f32818adbacc
Last affected
b7ef32c4957883ab17105fa82e6331bf48bed78a
Last affected
b898ce7c11834c1ca9bcff7aa85f9d42ee254d26
Last affected
e0b198f98b01973f75cb734b3864c429945dbdb0
Last affected
ef07cb031c6f8f7ac483c26fc858aad68c365fd9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json"

Git / github.com/bbbrumley/portsmash

Affected ranges

Type
GIT
Repo
https://github.com/bbbrumley/portsmash
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
014b1cf4b5e203d849e55387564a28994b01c708

Affected versions

v1.*
v1.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json"

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0221e9f827632942225586687a33cfd554860d5e
Last affected
0cf31a3d89b872e89110f19fd7393ad72934aadc
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
8328c689402a5c3c244b5eba6679892b561c83f2
Last affected
ae2e5e64f4a1e355095e08365387d05fc19797ee
Last affected
c7fdb98bc59fe743c682e1362456474da6c92402

Affected versions

Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17189.json"