CVE-2019-19886
CVE-2019-19886
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 2.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
21 Jan 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/