Lucene search
AlmaLinuxALSA-2024:2564HistoryApr 30, 2024 - 12:00 a.m.
Moderate: mod_http2 security update
2024-04-3000:00:00
errata.almalinux.org
7
apache
http2
protocol
security fix
cvss
dos
cve-2024-27316
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.5%
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | aarch64 | mod_http2 | < 2.0.26-2.el9_4 | mod_http2-2.0.26-2.el9_4.aarch64.rpm |
| almalinux | 9 | ppc64le | mod_http2 | < 2.0.26-2.el9_4 | mod_http2-2.0.26-2.el9_4.ppc64le.rpm |
| almalinux | 9 | x86_64 | mod_http2 | < 2.0.26-2.el9_4 | mod_http2-2.0.26-2.el9_4.x86_64.rpm |
| almalinux | 9 | s390x | mod_http2 | < 2.0.26-2.el9_4 | mod_http2-2.0.26-2.el9_4.s390x.rpm |
Related
osv
osv
CVE-2024-27316
2024-04-04 20:15:08
Moderate: mod_http2 security update
2024-05-10 14:32:42
BIT-apache-2024-27316
2024-04-06 18:17:01
nessus
nessus
Oracle Linux 8 : httpd:2.4/mod_http2 (ELSA-2024-1786)
2024-04-13 00:00:00
RHEL 8 : httpd:2.4/mod_http2 (RHSA-2024:1786)
2024-04-11 00:00:00
EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2024-1819)
2024-06-25 00:00:00
redos
redos
ROS-20240425-01
2024-04-25 00:00:00
nvd
nvd
CVE-2024-27316
2024-04-04 20:15:08
ibm
ibm
openvas
openvas
Fedora: Security Advisory for mod_http2 (FEDORA-2024-528301bac2)
2024-05-27 00:00:00
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1840)
2024-06-25 00:00:00
Fedora: Security Advisory for mod_http2 (FEDORA-2024-1f11550e31)
2024-05-27 00:00:00
redhat
redhat
(RHSA-2024:1786) Important: httpd:2.4/mod_http2 security update
2024-04-11 15:27:17
(RHSA-2024:2907) Moderate: httpd:2.4 security update
2024-05-20 01:02:25
(RHSA-2024:1872) Important: mod_http2 security update
2024-04-18 00:58:11
oraclelinux
oraclelinux
mod_http2 security update
2024-05-07 00:00:00
mod_http2 security update
2024-04-18 00:00:00
httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
alpinelinux
alpinelinux
CVE-2024-27316
2024-04-04 20:15:08
fedora
fedora
[SECURITY] Fedora 40 Update: mod_http2-2.0.27-1.fc40
2024-04-21 01:08:56
[SECURITY] Fedora 39 Update: mod_http2-2.0.27-1.fc39
2024-04-21 01:20:22
[SECURITY] Fedora 38 Update: mod_http2-2.0.27-1.fc38
2024-04-21 02:57:21
redhatcve
redhatcve
CVE-2024-27316
2024-04-03 19:27:03
debiancve
debiancve
CVE-2024-27316
2024-04-04 20:15:08
rocky
rocky
httpd:2.4/mod_http2 security update
2024-05-06 13:04:21
mod_http2 security update
2024-05-10 14:32:42
veracode
veracode
Memory Exhaustion
2024-04-10 19:25:29
githubexploit
githubexploit
ubuntucve
ubuntucve
CVE-2024-27316
2024-03-27 00:00:00
amazon
amazon
Important: mod_http2
2024-04-24 22:15:00
Important: httpd24
2024-04-25 16:04:00
hackerone
hackerone
almalinux
almalinux
Important: mod_http2 security update
2024-04-18 00:00:00
Important: httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1
2024-05-06 17:48:02
cvelist
cvelist
cve
cve
CVE-2024-27316
2024-04-04 20:15:08
f5
f5
K000139214 : Apache httpd vulnerability CVE-2024-27316
2024-04-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0748
2024-04-11 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0242
2024-04-10 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0591
2024-04-11 00:00:00
slackware
slackware
[slackware-security] httpd
2024-04-04 19:16:44
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2024-04-17 00:00:00
Apache HTTP Server vulnerabilities
2024-04-11 00:00:00
Apache HTTP Server vulnerabilities
2024-04-29 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2024-04-10 07:03:52
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2024-04-04 00:00:00
kaspersky
kaspersky
KLA65470 Multiple vulnerabilities in Apache HTTP Server
2024-04-04 00:00:00
debian
debian
[SECURITY] [DLA 3818-1] apache2 security update
2024-05-25 11:06:45
[SECURITY] [DSA 5662-1] apache2 security update
2024-04-16 18:32:07
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.5%
Related for ALSA-2024:2564