Lucene search

K
f5F5F5:K71436934
HistoryJul 18, 2016 - 12:00 a.m.

K71436934 : Apache httpd vulnerability CVE-2016-4979

2016-07-1800:00:00
my.f5.com
24

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

Security Advisory Description

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the β€œSSLVerifyClient require” directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. (CVE-2016-4979)
Impact
There is no impact; F5 products are not affected by this vulnerability.