Candidate: CVE-2019-19886
PublicDate: 2020-01-21 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19886
 https://github.com/SpiderLabs/ModSecurity/pull/2202
 https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9
 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/
Description:
 Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send
 crafted requests that may, when sent quickly in large volumes, lead to the
 server becoming slow or unresponsive (Denial of Service) because of a flaw
 in Transaction::addRequestHeader in transaction.cc.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949682
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_modsecurity:
upstream_modsecurity: released (3.0.4-1)
precise/esm_modsecurity: DNE
trusty_modsecurity: ignored (out of standard support)
trusty/esm_modsecurity: DNE
xenial_modsecurity: DNE
bionic_modsecurity: DNE
eoan_modsecurity: ignored (reached end-of-life)
focal_modsecurity: not-affected (3.0.4-1)
devel_modsecurity: not-affected (3.0.4-1)