VDB

GCVE-VVD-MAGEIA-2019-109

GCVE-VVD-MAGEIA-2019-109
Advisory Published
Vulnetix · Advisory published August 31, 2019
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections in Apache HTTP Server versions 2.4.37 and prior (CVE-2018-17189). In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded (CVE-2018-17199). The apache package has been updated to version 2.4.38, fixing these issues and several other bugs. See the upstream CHANGES files for details.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiamesa0 (affected), 19.1.5-2.mga7 (unaffected)
Mageiaapache0 (affected), 2.4.38-1.mga6 (unaffected), 0 (affected), 2.4.38-1.mga6 (unaffected)

References

Updated apache packages fix security vulnerability
advisory
Updated apache packages fix security vulnerability
issue
Updated apache packages fix security vulnerability
issue
Updated apache packages fix security vulnerability
issue
Mesa 19.1.5 maintenance release
advisory
Mesa 19.1.5 maintenance release
issue
Mesa 19.1.5 maintenance release
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›