Apache » Http Server : Security Vulnerabilities, CVEs, Published In July 2016 (Denial of service)
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Max CVSS
5.9
EPSS Score
4.61%
Published
2016-07-06
Updated
2021-06-06
1 vulnerabilities found