7.5

CVE-2019-19886

EPSS 4.01%
Published 21.01.2020 22:15:15
Last modified 03.07.2025 20:59:18
Source cve@mitre.org
Teams watchlist Login
Open Login

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Owasp ≫ Modsecurity Version >= 3.0.0 <= 3.0.3

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.01%	0.88

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-19886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19886

EUVD