Vulnerability Description
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owasp | Modsecurity | >= 3.0.0, <= 3.0.3 |
| Fedoraproject | Fedora | 30 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-deni (Vendor Advisory)
FAQ
What is CVE-2019-19886?
CVE-2019-19886 is a vulnerability with a CVSS score of 7.5 (HIGH). Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service)...
How severe is CVE-2019-19886?
CVE-2019-19886 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-19886?
Check the references section above for vendor advisories and patch information. Affected products include: Owasp Modsecurity, Fedoraproject Fedora.