4 matches found
httpd: Incomplete handling of LimitRequestFields directive in mod_http2
A vulnerability was found in httpd's handling of the LimitRequestFields directive in modhttp2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...
httpd: Incomplete handling of LimitRequestFields directive in mod_http2
A vulnerability was found in httpd's handling of the LimitRequestFields directive in modhttp2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...
httpd: Incomplete handling of LimitRequestFields directive in mod_http2
A vulnerability was found in httpd's handling of the LimitRequestFields directive in modhttp2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...
PT-2016-7559
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.17 through 2.4.23 Description The issue is related to the mod http2 module in the Apache HTTP Server, which does not restrict request-header length when the Protocols configuration includes h2 or h2c. This allow...