CVE-2019-19886
First published: Tue Jan 21 2020(Updated: )
Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trustwave ModSecurity | >=3.0.0<=3.0.3 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/
Frequently Asked Questions
What is CVE-2019-19886?
CVE-2019-19886 is a vulnerability in Trustwave ModSecurity 3.0.0 through 3.0.3 that allows an attacker to send crafted requests that may lead to a Denial of Service.
What is the severity of CVE-2019-19886?
CVE-2019-19886 has a severity value of 7.5 (high).
Which software versions are affected by CVE-2019-19886?
Trustwave ModSecurity versions 3.0.0 through 3.0.3 and Fedora versions 30, 31, and 32 are affected by CVE-2019-19886.
How can an attacker exploit CVE-2019-19886?
An attacker can exploit CVE-2019-19886 by sending crafted requests quickly and in large volumes, causing the server to become slow or unresponsive.
Are there any fixes or patches available for CVE-2019-19886?
Yes, patches are available for Trustwave ModSecurity and Fedora to address the vulnerability. Please refer to the provided references for more information.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trustwave
- canonical/trustwave modsecurity
- version/trustwave modsecurity/3.0.0
- version/trustwave modsecurity/3.0.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32