The vulnerability of the HTTP2 handler component in the Apache HTTP Server allows a attacker to cause a service failure.

🗓️ 22 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Apache server flaw in the Hypertext Transfer Protocol version two handler enables remote failure by forging requests on an existing connection.

Reporter	Title	Published	Views	Family All 190
GithubExploit	Exploit for Improper Resource Shutdown or Release in Apache Http_Server	19 Apr 202619:34	–	githubexploit
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-45802) affects Power HMC.	14 Dec 202412:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	11 Mar 202519:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.	2 Apr 202413:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to an attacker uploading arbitrary files and obtaining sensitive information (CVE-2023-45802, CVE-2023-31122)	16 Feb 202421:57	–	ibm
ATTACKERKB	CVE-2023-44487	10 Oct 202300:00	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-433)	15 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : httpd (ALAS-2023-2322)	2 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : httpd24 (ALAS-2023-1877)	3 Nov 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0116: httpd:2.4 (ALINUX3-SA-2024:0116)	14 May 202500:00	–	nessus

Vulners

Node

red_hat jboss_enterprise_application_platformMatch6

OR

apache http_serverRange≤2.4.57

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
vuldb	www.vuldb.com/
httpd	www.httpd.apache.org/security/vulnerabilities_24.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-45802
access	www.access.redhat.com/security/cve/CVE-2023-45802
altsp	www.altsp.su/obnovleniya-bezopasnosti/
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.9/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
wiki	www.wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

20 Apr 2026 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 37.5

CVSS 27.8

EPSS0.01821

server flaw hypertext transfer protocol remote failure existing connection