CVE-2024-27316 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2024-27316 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...

Advisory ROSA-SA-2025-2852

Software: modhttp2 1.15.7 OS: ROSA Virtualization 2.1 packageevrstring: modhttp2-1.15.7-10.rv3.3 CVE-ID: CVE-2023-25690 BDU-ID: 2023-01738 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to flaws in the handling of the...

Advisory ROSA-SA-2025-2740

Software: modhttp2 1.15.7 OS: ROSA Virtualization 3.0 packageevrstring: modhttp2-1.15.7-10.rv30.1 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already...

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of...

RLSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

RockyLinux 9 : mod_http2 (RLSA-2024:8680)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the RockyLinux security...

AlmaLinux 9 : mod_http2 (ALSA-2024:8680)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:8680 advisory. modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block directly from the AlmaLinux security...

RHSA-2024:8680 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

Low: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

RHEL 9 : mod_http2 (RHSA-2024:8680)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8680 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null...

Oracle Linux 9 : mod_http2 (ELSA-2024-8680)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-8680 advisory. 2.0.26-2.1 - Resolves: RHEL-45803 - modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 Tenable has extracted the preceding description block...

Medium: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

ALSA-2024:8680 Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Low: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: DoS by null pointer in websocket over HTTP/2 CVE-2024-36387 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

RHSA-2024:1786 Red Hat Security Advisory: httpd:2.4/mod_http2 security update

Bulletin has no description...

RHSA-2024:3417 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

RHSA-2024:3402 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

RHSA-2024:2564 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

RHSA-2024:1872 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

EulerOS 2.0 SP8 : mod_http2 (EulerOS-SA-2024-2480)

According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a clien...