Lucene search

K
kasperskyKaspersky LabKLA10907
HistoryDec 05, 2016 - 12:00 a.m.

KLA10907 Denial of service vulnerability in Apache HTTP Server

2016-12-0500:00:00
Kaspersky Lab
threats.kaspersky.com
38

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.2%

Detect date:

12/05/2016

Severity:

Warning

Description:

An unspecified vulnerability was found in Apache HTTP Server 2.4.17 through 2.4.23. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via crafted continuation frames in a HTTP/2 request.

Affected products:

Apache HTTP Server from 2.4.17 to 2.4.23

Solution:

For a 2.4.23 version a patch is supplied. This will be included in the next release.
Security Advisory – Apache Software Foundation

Original advisories:

Apache httpd 2.4 vulnerabilities

Impacts:

DoS

Related products:

Apache HTTP Server

CVE-IDS:

CVE-2016-87405.0Warning

Exploitation:

Public exploits exist for this vulnerability.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.2%