According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.34. It is, therefore, affected by the following vulnerabilities:
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. (CVE-2018-1333)
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. (CVE-2018-8011)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |