Trustwave ModSecurity 3.0.0 through 3.0.3 Improper Resource Shutdown or Release Vulnerability

Summary

Trustwave ModSecurity 3.0.0 through 3.0.3 suffers from improper resource shutdown or release vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/


Details

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.

 

Vulnerable Systems:

Trustwave ModSecurity 3.0.0 through 3.0.3

 

CVE Information:

CVE-2019-19886

 

Disclosure Timeline:
Published Date:1/21/2020

Categories: FeaturedNews