Lucene search

Veracode Vulnerability DatabaseVERACODE:19705

HistoryMay 16, 2019 - 3:22 a.m.

Denial Of Service (DoS) Through CPU Exhaustion

2019-05-1603:22:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.025 Low

EPSS

Percentile

90.3%

JSON

nginx is vulnerable to denial of service(DoS) attacks. A remote user could issue a specially crafted HTTP/2 request to cause excessive CPU consumption.

CPENameOperatorVersion
rh-nginx114-nginxeq1.14.0__3.el7
rh-nginx114-nginxeq1.14.0__3.el7

CPE	Name	Operator	Version
	rh-nginx114-nginx	eq	1.14.0__3.el7
	rh-nginx114-nginx	eq	1.14.0__3.el7

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

mailman.nginx.org/pipermail/nginx-announce/2018/000220.html

seclists.org/fulldisclosure/2021/Sep/36

www.securityfocus.com/bid/105868

www.securitytracker.com/id/1042038

access.redhat.com/errata/RHSA-2018:3680

access.redhat.com/errata/RHSA-2018:3681

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844

support.apple.com/kb/HT212818

usn.ubuntu.com/3812-1/

www.debian.org/security/2018/dsa-4335

0.025 Low

EPSS

Percentile

90.3%

JSON

Related for VERACODE:19705