7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
25.1%
The mod_gnutls project reports:
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions
from 0.9.0 to 0.12.0 (including) did not properly fail blocking
read operations on TLS connections when the transport hit timeouts.
Instead it entered an endless loop retrying the read operation,
consuming CPU resources. This could be exploited for denial of
service attacks. If trace level logging was enabled, it would also
produce an excessive amount of log output during the loop, consuming
disk space.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | ap24-mod_gnutls | < 0.12.1 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
25.1%