CVE-2019-0190 (retired)

Priority
Description
A bug exists in the way mod_ssl handled client renegotiations. A remote
attacker could send a carefully crafted request that would cause mod_ssl to
enter a loop leading to a denial of service. This bug can be only triggered
with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or
later, due to an interaction in changes to handling of renegotiation
attempts.
Notes
 leosilva> Issue only affects 2.4.37
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (code not present)
Ubuntu 19.04 (Disco Dingo):not-affected (code not present)
More Information

Updated: 2019-03-26 12:27:52 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)