{"api_version":"1","generated_at":"2026-04-23T01:43:01+00:00","cve":"CVE-2019-19886","urls":{"html":"https://cve.report/CVE-2019-19886","api":"https://cve.report/api/cve/CVE-2019-19886.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-19886","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-19886"},"summary":{"title":"CVE-2019-19886","description":"Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-01-21 22:15:00","updated_at":"2023-11-07 03:07:00"},"problem_types":["CWE-404"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/","name":"FEDORA-2020-f7ba0ac7a4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: libmodsecurity-3.0.2-6.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/","name":"FEDORA-2020-f7ba0ac7a4","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: libmodsecurity-3.0.2-6.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/","name":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"ModSecurity Denial of Service - CVE-2019-19886 | Trustwave","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/","name":"FEDORA-2020-1b5b3b465d","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: libmodsecurity-3.0.3-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/","name":"FEDORA-2020-1b5b3b465d","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: libmodsecurity-3.0.3-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/","name":"FEDORA-2020-dc9aee5510","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: libmodsecurity-3.0.3-6.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/","name":"FEDORA-2020-dc9aee5510","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: libmodsecurity-3.0.3-6.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-19886","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19886","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"19886","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"19886","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"19886","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"19886","vulnerable":"1","versionEndIncluding":"3.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trustwave","cpe5":"modsecurity","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-19886","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/"},{"refsource":"FEDORA","name":"FEDORA-2020-1b5b3b465d","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IIUNYIEZOWHRWWRVT3FR45MLE6HGDY/"},{"refsource":"FEDORA","name":"FEDORA-2020-f7ba0ac7a4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWVUC54OPU7ICFYIXXVGQ5DOTMR4Z6ZY/"},{"refsource":"FEDORA","name":"FEDORA-2020-dc9aee5510","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JI3MNFRNUZD6RAJ5CPQZSUXQXDZ2K7IL/"}]}},"nvd":{"publishedDate":"2020-01-21 22:15:00","lastModifiedDate":"2023-11-07 03:07:00","problem_types":["CWE-404"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trustwave:modsecurity:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"19886","Ordinal":"163597","Title":"CVE-2019-19886","CVE":"CVE-2019-19886","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"19886","Ordinal":"1","NoteData":"Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"19886","Ordinal":"2","NoteData":"2020-01-21","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"19886","Ordinal":"3","NoteData":"2020-03-29","Type":"Other","Title":"Modified"}]}}}