KLA10907Denial of service vulnerability in Apache HTTP Server

2016-12-05T00:00:00
ID KLA10907
Type kaspersky
Reporter Kaspersky Lab
Modified 2018-07-05T00:00:00

Description

CVSS:

5.0

Detect date:

12/05/2016

Severity:

Warning

Description:

An unspecified vulnerability was found in Apache HTTP Server 2.4.17 through 2.4.23. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via crafted continuation frames in a HTTP/2 request.

Affected products:

Apache HTTP Server from 2.4.17 to 2.4.23

Solution:

For a 2.4.23 version a patch is supplied. This will be included in the next release.
Security Advisory – Apache Software Foundation

Original advisories:

Apache httpd 2.4 vulnerabilities

Impacts:

DoS

Related products:

Apache HTTP Server

CVE-IDS:

CVE-2016-8740