CVE-2019-0190

{"id": "CVE-2019-0190", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-01-30T22:29:00.497", "references": [{"url": "http://www.securityfocus.com/bid/106743", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201903-21", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts."}, {"lang": "es", "value": "Existe un problema en la manera en la que mod_ssl gestionaba registros de cliente. Un atacante remoto podr\u00eda enviar una petici\u00f3n especialmente manipulada que conducir\u00eda a que mod_ssl entre en un bucle, provocando una denegaci\u00f3n de servicio (DoS). Este problema puede desencadenarse con Apache HTTP Server, en su versi\u00f3n 2.4.37, a la hora de utilizar OpenSSL, en versiones 1.1.1 o anteriores, debido a una interacci\u00f3n en cambios de la gesti\u00f3n de intentos de renegociaci\u00f3n."}], "lastModified": "2023-11-07T03:01:47.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5F8320-A680-4E2F-B32F-F7DBEED09ED6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8822FB8F-06BE-4B95-8385-148A1F1F7255", "versionStartIncluding": "1.1.1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}