CVE-2019-19886 — Improper Resource Shutdown or Release in Modsecurity

CWE-404 — Improper Resource Shutdown or Release8 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trustwave Modsecurity Owasp Modsecurity Fedoraproject Fedora

Timeline

PublishedJan 21

Latest updateMay 24

Description

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debiantrustwave/modsecurity< 3.0.4-1+3

▶NVDowasp/modsecurity3.0.0 — 3.0.3

Also affects: Fedora 30, 31, 32

🔴Vulnerability Details

GHSA

GHSA-p5f3-2x3f-r9c7: Trustwave ModSecurity 3↗2022-05-24

▶

CVEList

CVE-2019-19886: Trustwave ModSecurity 3↗2020-01-21

▶

OSV

CVE-2019-19886: Trustwave ModSecurity 3↗2020-01-21

▶

📋Vendor Advisories

Debian

CVE-2019-19886: modsecurity - Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted req...↗2019

▶

💬Community

Bugzilla

CVE-2019-19886 libmodsecurity: denial of service in Transaction::addRequestHeader in transaction.cc [epel-7]↗2020-02-11

▶

Bugzilla

CVE-2019-19886 libmodsecurity: denial of service in Transaction::addRequestHeader in transaction.cc↗2020-02-11

▶

Bugzilla

CVE-2019-19886 libmodsecurity: denial of service in Transaction::addRequestHeader in transaction.cc [fedora-all]↗2020-02-11

▶