Apache » Http Server » 2.4.17 : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service)

cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*

CVE-2016-8740

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Max CVSS
7.5
EPSS Score
2.68%
Published
2016-12-05
Updated
2021-06-06

CVE-2016-1546

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Max CVSS
5.9
EPSS Score
4.61%
Published
2016-07-06
Updated
2021-06-06
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close