Vulnerability Details CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 7.8
References
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
- http://seclists.org/fulldisclosure/2021/Sep/36
- http://www.securityfocus.com/bid/105868
- http://www.securitytracker.com/id/1042038
- https://access.redhat.com/errata/RHSA-2018:3680
- https://access.redhat.com/errata/RHSA-2018:3681
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844
- https://support.apple.com/kb/HT212818
- https://usn.ubuntu.com/3812-1/
- https://www.debian.org/security/2018/dsa-4335
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
- http://seclists.org/fulldisclosure/2021/Sep/36
- http://www.securityfocus.com/bid/105868
- http://www.securitytracker.com/id/1042038
- https://access.redhat.com/errata/RHSA-2018:3680
- https://access.redhat.com/errata/RHSA-2018:3681
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844
- https://support.apple.com/kb/HT212818
- https://usn.ubuntu.com/3812-1/
- https://www.debian.org/security/2018/dsa-4335
Products affected by CVE-2018-16844
-
cpe:2.3:a:apple:xcode:-
-
cpe:2.3:a:apple:xcode:1.5.0
-
cpe:2.3:a:apple:xcode:10
-
cpe:2.3:a:apple:xcode:11.0
-
cpe:2.3:a:apple:xcode:11.2
-
cpe:2.3:a:apple:xcode:11.3
-
cpe:2.3:a:apple:xcode:12.0
-
cpe:2.3:a:apple:xcode:12.4
-
cpe:2.3:a:apple:xcode:12.5
-
cpe:2.3:a:apple:xcode:12.5.1
-
cpe:2.3:a:apple:xcode:2.0.0
-
cpe:2.3:a:apple:xcode:2.1.0
-
cpe:2.3:a:apple:xcode:2.2.0
-
cpe:2.3:a:apple:xcode:2.3.0
-
cpe:2.3:a:apple:xcode:2.4.0
-
cpe:2.3:a:apple:xcode:2.4.1
-
cpe:2.3:a:apple:xcode:3.1
-
cpe:2.3:a:apple:xcode:3.1.1
-
cpe:2.3:a:apple:xcode:3.1.2
-
cpe:2.3:a:apple:xcode:3.1.3
-
cpe:2.3:a:apple:xcode:3.1.4
-
cpe:2.3:a:apple:xcode:3.2.1
-
cpe:2.3:a:apple:xcode:3.2.2
-
cpe:2.3:a:apple:xcode:3.2.3
-
cpe:2.3:a:apple:xcode:3.2.4
-
cpe:2.3:a:apple:xcode:3.2.5
-
cpe:2.3:a:apple:xcode:4.0
-
cpe:2.3:a:apple:xcode:4.0.1
-
cpe:2.3:a:apple:xcode:4.0.2
-
cpe:2.3:a:apple:xcode:4.1
-
cpe:2.3:a:apple:xcode:4.1.1
-
cpe:2.3:a:apple:xcode:4.2
-
cpe:2.3:a:apple:xcode:4.2.1
-
cpe:2.3:a:apple:xcode:4.3
-
cpe:2.3:a:apple:xcode:4.3.1
-
cpe:2.3:a:apple:xcode:4.3.2
-
cpe:2.3:a:apple:xcode:4.3.3
-
cpe:2.3:a:apple:xcode:4.4
-
cpe:2.3:a:apple:xcode:4.4.1
-
cpe:2.3:a:apple:xcode:4.5
-
cpe:2.3:a:apple:xcode:4.5.1
-
cpe:2.3:a:apple:xcode:4.5.2
-
cpe:2.3:a:apple:xcode:4.6
-
cpe:2.3:a:apple:xcode:4.6.1
-
cpe:2.3:a:apple:xcode:4.6.2
-
cpe:2.3:a:apple:xcode:4.6.3
-
cpe:2.3:a:apple:xcode:5.0
-
cpe:2.3:a:apple:xcode:5.0.1
-
cpe:2.3:a:apple:xcode:5.0.2
-
cpe:2.3:a:apple:xcode:5.1
-
cpe:2.3:a:apple:xcode:5.1.1
-
cpe:2.3:a:apple:xcode:6.0
-
cpe:2.3:a:apple:xcode:6.0.1
-
cpe:2.3:a:apple:xcode:6.1
-
cpe:2.3:a:apple:xcode:6.1.1
-
cpe:2.3:a:apple:xcode:6.2
-
cpe:2.3:a:apple:xcode:6.3
-
cpe:2.3:a:apple:xcode:6.3.1
-
cpe:2.3:a:apple:xcode:6.3.2
-
cpe:2.3:a:apple:xcode:6.4
-
cpe:2.3:a:apple:xcode:7.0
-
cpe:2.3:a:apple:xcode:7.0.1
-
cpe:2.3:a:apple:xcode:7.1
-
cpe:2.3:a:apple:xcode:7.1.1
-
cpe:2.3:a:apple:xcode:7.2
-
cpe:2.3:a:apple:xcode:7.2.1
-
cpe:2.3:a:apple:xcode:7.3
-
cpe:2.3:a:apple:xcode:7.3.1
-
cpe:2.3:a:apple:xcode:8.0
-
cpe:2.3:a:apple:xcode:8.1
-
cpe:2.3:a:apple:xcode:8.2
-
cpe:2.3:a:apple:xcode:8.2.1
-
cpe:2.3:a:apple:xcode:8.3
-
cpe:2.3:a:apple:xcode:8.3.1
-
cpe:2.3:a:apple:xcode:8.3.2
-
cpe:2.3:a:apple:xcode:8.3.3
-
cpe:2.3:a:apple:xcode:9.0
-
cpe:2.3:a:apple:xcode:9.0.1
-
cpe:2.3:a:apple:xcode:9.1
-
cpe:2.3:a:apple:xcode:9.2
-
cpe:2.3:a:apple:xcode:9.3
-
cpe:2.3:a:apple:xcode:9.3.1
-
cpe:2.3:a:apple:xcode:9.4
-
cpe:2.3:a:apple:xcode:9.4.1
-
cpe:2.3:a:f5:nginx:1.10.0
-
cpe:2.3:a:f5:nginx:1.10.1
-
cpe:2.3:a:f5:nginx:1.10.2
-
cpe:2.3:a:f5:nginx:1.10.3
-
cpe:2.3:a:f5:nginx:1.11.0
-
cpe:2.3:a:f5:nginx:1.11.1
-
cpe:2.3:a:f5:nginx:1.11.10
-
cpe:2.3:a:f5:nginx:1.11.11
-
cpe:2.3:a:f5:nginx:1.11.12
-
cpe:2.3:a:f5:nginx:1.11.13
-
cpe:2.3:a:f5:nginx:1.11.2
-
cpe:2.3:a:f5:nginx:1.11.3
-
cpe:2.3:a:f5:nginx:1.11.4
-
cpe:2.3:a:f5:nginx:1.11.5
-
cpe:2.3:a:f5:nginx:1.11.6
-
cpe:2.3:a:f5:nginx:1.11.7
-
cpe:2.3:a:f5:nginx:1.11.8
-
cpe:2.3:a:f5:nginx:1.11.9
-
cpe:2.3:a:f5:nginx:1.12.0
-
cpe:2.3:a:f5:nginx:1.12.1
-
cpe:2.3:a:f5:nginx:1.12.2
-
cpe:2.3:a:f5:nginx:1.13.0
-
cpe:2.3:a:f5:nginx:1.13.1
-
cpe:2.3:a:f5:nginx:1.13.10
-
cpe:2.3:a:f5:nginx:1.13.11
-
cpe:2.3:a:f5:nginx:1.13.12
-
cpe:2.3:a:f5:nginx:1.13.2
-
cpe:2.3:a:f5:nginx:1.13.3
-
cpe:2.3:a:f5:nginx:1.13.4
-
cpe:2.3:a:f5:nginx:1.13.5
-
cpe:2.3:a:f5:nginx:1.13.6
-
cpe:2.3:a:f5:nginx:1.13.7
-
cpe:2.3:a:f5:nginx:1.13.8
-
cpe:2.3:a:f5:nginx:1.13.9
-
cpe:2.3:a:f5:nginx:1.14.0
-
cpe:2.3:a:f5:nginx:1.15.0
-
cpe:2.3:a:f5:nginx:1.15.1
-
cpe:2.3:a:f5:nginx:1.15.2
-
cpe:2.3:a:f5:nginx:1.15.3
-
cpe:2.3:a:f5:nginx:1.15.4
-
cpe:2.3:a:f5:nginx:1.15.5
-
cpe:2.3:a:f5:nginx:1.9.10
-
cpe:2.3:a:f5:nginx:1.9.11
-
cpe:2.3:a:f5:nginx:1.9.12
-
cpe:2.3:a:f5:nginx:1.9.13
-
cpe:2.3:a:f5:nginx:1.9.14
-
cpe:2.3:a:f5:nginx:1.9.15
-
cpe:2.3:a:f5:nginx:1.9.5
-
cpe:2.3:a:f5:nginx:1.9.6
-
cpe:2.3:a:f5:nginx:1.9.7
-
cpe:2.3:a:f5:nginx:1.9.8
-
cpe:2.3:a:f5:nginx:1.9.9
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:9.0