Apache » Http Server : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service)
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Max CVSS
7.5
EPSS Score
2.68%
Published
2016-12-05
Updated
2021-06-06
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Max CVSS
5.9
EPSS Score
4.61%
Published
2016-07-06
Updated
2021-06-06
2 vulnerabilities found