content/security/json/CVE-2018-17189.json - httpd-site - Git at Google

 {
   "data_type": "CVE",
   "data_format": "MITRE",
   "data_version": "4.0",
   "generator": {
     "engine": "xmltojsonmjc 1.0"
   },
   "references": {},
   "timeline": [
     {
       "time": "2018-10-16",
       "lang": "eng",
       "value": "reported"
     },
     {
       "time": "2019-01-22",
       "lang": "eng",
       "value": "public"
     },
     {
       "time": "2019-02-28",
       "lang": "eng",
       "value": "2.4.38 released"
     }
   ],
   "CNA_private": {
     "owner": "httpd"
   },
   "CVE_data_meta": {
     "ASSIGNER": "security@apache.org",
     "AKA": "",
     "STATE": "PUBLIC",
     "DATE_PUBLIC": "2019-01-22",
     "ID": "CVE-2018-17189",
     "TITLE": "DoS for HTTP/2 connections via slow request bodies"
   },
   "source": {
     "defect": [],
     "advisory": "",
     "discovery": "UNKNOWN"
   },
   "problemtype": {
     "problemtype_data": [
       {
         "description": [
           {
             "lang": "eng",
             "value": "DoS for HTTP/2 connections via slow request bodies"
           }
         ]
       }
     ]
   },
   "credit": [
     {
       "lang": "eng",
       "value": "The issue was discovered by Gal Goldshtein of F5 Networks."
     }
   ],
   "description": {
     "description_data": [
       {
         "lang": "eng",
         "value": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
       }
     ]
   },
   "impact": [
     {
       "other": "low"
     }
   ],
   "affects": {
     "vendor": {
       "vendor_data": [
         {
           "vendor_name": "Apache Software Foundation",
           "product": {
             "product_data": [
               {
                 "product_name": "Apache HTTP Server",
                 "version": {
                   "version_data": [
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.37"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.35"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.34"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.33"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.30"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.29"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.28"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.27"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.26"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.25"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.23"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.20"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.18"
                     },
                     {
                       "version_name": "2.4",
                       "version_affected": "=",
                       "version_value": "2.4.17"
                     }
                   ]
                 }
               }
             ]
           }
         }
       ]
     }
   }
 }
	{
	"data_type": "CVE",
	"data_format": "MITRE",
	"data_version": "4.0",
	"generator": {
	"engine": "xmltojsonmjc 1.0"
	},
	"references": {},
	"timeline": [
	{
	"time": "2018-10-16",
	"lang": "eng",
	"value": "reported"
	},
	{
	"time": "2019-01-22",
	"lang": "eng",
	"value": "public"
	},
	{
	"time": "2019-02-28",
	"lang": "eng",
	"value": "2.4.38 released"
	}
	],
	"CNA_private": {
	"owner": "httpd"
	},
	"CVE_data_meta": {
	"ASSIGNER": "security@apache.org",
	"AKA": "",
	"STATE": "PUBLIC",
	"DATE_PUBLIC": "2019-01-22",
	"ID": "CVE-2018-17189",
	"TITLE": "DoS for HTTP/2 connections via slow request bodies"
	},
	"source": {
	"defect": [],
	"advisory": "",
	"discovery": "UNKNOWN"
	},
	"problemtype": {
	"problemtype_data": [
	{
	"description": [
	{
	"lang": "eng",
	"value": "DoS for HTTP/2 connections via slow request bodies"
	}
	]
	}
	]
	},
	"credit": [
	{
	"lang": "eng",
	"value": "The issue was discovered by Gal Goldshtein of F5 Networks."
	}
	],
	"description": {
	"description_data": [
	{
	"lang": "eng",
	"value": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
	}
	]
	},
	"impact": [
	{
	"other": "low"
	}
	],
	"affects": {
	"vendor": {
	"vendor_data": [
	{
	"vendor_name": "Apache Software Foundation",
	"product": {
	"product_data": [
	{
	"product_name": "Apache HTTP Server",
	"version": {
	"version_data": [
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.37"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.35"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.34"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.33"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.30"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.29"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.28"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.27"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.26"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.25"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.23"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.20"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.18"
	},
	{
	"version_name": "2.4",
	"version_affected": "=",
	"version_value": "2.4.17"
	}
	]
	}
	}
	]
	}
	}
	]
	}
	}
	}