The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache httpd: infinite loop via mod_ssl OpenSSL 1.1.1 Client Renegotiations

Synthesis of the vulnerability 

An attacker can trigger an infinite loop in Apache httpd through mod_ssl client renegotiations with OpenSSL 1.1.1, in order to cause a denial of service.
Impacted systems: Apache httpd, IBM i, Solaris, Slackware.
Severity of this alert: 3/4.
Creation date: 23/01/2019.
References of this alert: bulletinapr2019, CERTFR-2019-AVI-031, CVE-2019-0190, ibm10872490, SSA:2019-022-01, VIGILANCE-VUL-28331.

Description of the vulnerability 

An attacker can trigger an infinite loop in Apache httpd through mod_ssl client renegotiations with OpenSSL 1.1.1, in order to cause a denial of service.

This cybersecurity announcement impacts software or systems such as Apache httpd, IBM i, Solaris, Slackware.

Our Vigil@nce team determined that the severity of this threat alert is important.

The trust level is of type "confirmed by the editor", and the attack origin is an Internet client.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

Apache httpd: version 2.4.38.
Version 2.4.38 is fixed:
  http://httpd.apache.org/download.cgi

IBM i: patch for HTTP Server.
A patch is indicated in information sources.

Oracle Solaris: patch for third party software of April 2019 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Slackware: new httpd packages.
New packages are available:
  Slackware 14.0: httpd 2.4.38-*-1_slack14.0
  Slackware 14.1: httpd 2.4.38-*-1_slack14.1
  Slackware 14.2: httpd 2.4.38-*-1_slack14.2
