suse · CVE-2018-17189

Quick triage

Priority: medium Published: 2021-05-30 14:17:11 UTC Updated: 2026-03-05 06:40:01 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-17189 severity moderate: SUSE including 47 source package names (apache2, apache2-2.4.23-29.34.4, …), 110 product×package rows across 25 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 8, … (25 product lines)): Fixed 84, Known Not Affected 26.

Description:

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

cvelogic Threat Intelligence