Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-43622)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43622 advisory. - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...

AZL-43978 CVE-2024-27316 affecting package mod_http2 1.15.14-2

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...