Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : mod_http2-2.0.26-2.el9_4.1 (AXSA:2024-8954:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8954:04 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the MiracleLinux...

5.4CVSS5.6AI score0.01715EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:57 a.m.77 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with modrewrite in server/vhost context. By sending a specially crafte...

9.8CVSS9.8AI score0.6795EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.11 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References2
OSV
OSV
added 2024/11/08 3:57 p.m.27 views

RLSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4CVSS7.1AI score0.01715EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.12 views

RockyLinux 9 : mod_http2 (RLSA-2024:8680)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the RockyLinux security...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.12 views

AlmaLinux 9 : mod_http2 (ALSA-2024:8680)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the AlmaLinux security...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/10/31 12:8 a.m.16 views

Low: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

5.4CVSS6.7AI score0.01715EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.17 views

Oracle Linux 9 : mod_http2 (ELSA-2024-8680)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-8680 advisory. 2.0.26-2.1 - Resolves: RHEL-45803 - modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.15 views

RHEL 9 : mod_http2 (RHSA-2024:8680)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8680 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null...

5.4CVSS7AI score0.01715EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2024/10/30 12:0 a.m.281 views

mod_http2 security update

2.0.26-2.1 - Resolves: RHEL-45803 - modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387...

5.4CVSS7.3AI score0.01715EPSS
Exploits0
OSV
OSV
added 2024/10/30 12:0 a.m.29 views

ALSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4CVSS7AI score0.01715EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/10/30 12:0 a.m.23 views

Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.4CVSS7.2AI score0.01715EPSS
Exploits0References4
Amazon
Amazon
added 2024/08/15 12:0 a.m.10 views

Medium: mod_http2

Issue Overview: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Affected Packages: modhttp2 Issue Correction: Run dnf update modhttp2 --releasever 2023.5.202408...

5.4CVSS7.2AI score0.01715EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/08/14 8:43 p.m.22 views

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1

CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...

5.4CVSS6.9AI score0.01715EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/14 12:0 a.m.59 views

Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)

According to its self-reported version, the Tenable Security Center running on the remote host is 6.2.1, 6.3.0 or 6.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-13 advisory. - Security Center leverages third-party software to help provide underlying...

9.8CVSS7.5AI score0.99957EPSS
Exploits14References19
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.21 views

Fedora 39 : mod_http2 (2024-661bb6322d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-661bb6322d advisory. - version update to 2.0.29 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/25 12:0 a.m.42 views

SUSE SLED15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2024:2597-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2597-1 advisory. - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 bsc1227272 - CVE-2024-38475...

9.8CVSS7.1AI score0.99957EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2024/07/24 12:0 a.m.44 views

openSUSE Security Advisory (SUSE-SU-2024:2597-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.99957EPSS
Exploits1References8
OSV
OSV
added 2024/07/23 7:4 a.m.43 views

SUSE-SU-2024:2597-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 bsc1227272 - CVE-2024-38475: Fixed improper escaping of output in modrewrite bsc1227268 - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output ...

9.8CVSS7.3AI score0.99957EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/07/20 12:0 a.m.29 views

CBL Mariner 2.0 Security Update: httpd (CVE-2024-36387)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...

5.4CVSS6.9AI score0.01715EPSS
Exploits0References2
Rows per page
Query Builder