455 matches found

Oracle Linux
added 2024/04/18 12:0 a.m. | 49 views

mod_http2 security update

1.15.19-5.1 - Resolves: RHEL-29826 - mod_http2: httpd: CONTINUATION frames DoS CVE-2024-27316...

7.5 CVSS | 7 AI score | 0.87555 EPSS
Exploits 2

Tenable Nessus
added 2024/04/13 12:0 a.m. | 65 views

Oracle Linux 8 : httpd:2.4/mod_http2 (ELSA-2024-1786)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1786 advisory. httpd mod_http2 1.15.7-8.5 - Resolves: RHEL-29816 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS CVE-2024-27316 mod_md Tenable has extracted the preceding...

7.5 CVSS | 7.6 AI score | 0.87555 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2024/04/12 12:0 a.m. | 47 views

AlmaLinux 8 : httpd:2.4/mod_http2 (ALSA-2024:1786)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1786 advisory. httpd: mod_http2: CONTINUATION frames DoS CVE-2024-27316 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

7.5 CVSS | 7.6 AI score | 0.87555 EPSS
Exploits 2 | References 2

RedHat Linux
added 2024/04/11 4:31 p.m. | 91 views

Important: Red Hat Security Advisory: httpd:2.4/mod_http2 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 7 AI score | 0.87555 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2024/04/11 12:0 a.m. | 88 views

RHEL 8 : httpd:2.4/mod_http2 (RHSA-2024:1786)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1786 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION...

7.5 CVSS | 7.7 AI score | 0.87555 EPSS
Exploits 2 | References 4

OSV
added 2024/04/11 12:0 a.m. | 44 views

ALSA-2024:1786 Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5 CVSS | 7 AI score | 0.87555 EPSS
Exploits 2 | References 4

AlmaLinux
added 2024/04/11 12:0 a.m. | 175 views

Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5 CVSS | 7.2 AI score | 0.87555 EPSS
Exploits 2 | References 4

Oracle Linux
added 2024/04/11 12:0 a.m. | 55 views

httpd:2.4/mod_http2 security update

httpd mod_http2 1.15.7-8.5 - Resolves: RHEL-29816 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS CVE-2024-27316 mod_md...

7.5 CVSS | 7.4 AI score | 0.87555 EPSS
Exploits 2

OSV
added 2024/04/04 8:15 p.m. | 3 views

AZL-44151 CVE-2024-27316 affecting package mod_http2 for versions less than 2.0.29-3

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5 CVSS | 6.6 AI score | 0.87555 EPSS
Exploits 2 | References 1

OSV
added 2024/04/04 8:15 p.m. | 2 views

AZL-43978 CVE-2024-27316 affecting package mod_http2 1.15.14-2

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5 CVSS | 6.6 AI score | 0.87555 EPSS
Exploits 2 | References 1

OSV
added 2024/03/06 10:57 a.m. | 83 views

BIT-APACHE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this...

7.5 CVSS | 8.7 AI score | 0.2745 EPSS
Exploits 2 | References 27

OSV
added 2024/03/06 10:55 a.m. | 410 views

BIT-APACHE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...

7.5 CVSS | 8.6 AI score | 0.11001 EPSS
Exploits 0 | References 14

Tenable Nessus
added 2024/02/29 12:0 a.m. | 29 views

CentOS 9 : mod_http2-1.15.19-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the mod_http2-1.15.19-4.el9 build changelog. - possible NULL dereference or SSRF in forward proxy configurations CVE-2021-44224 Note that Nessus has not tested for this issue but has instead...

8.2 CVSS | 7.9 AI score | 0.0925 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/02/29 12:0 a.m. | 62 views

CentOS 9 : mod_http2-1.15.19-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the mod_http2-1.15.19-5.el9 build changelog. - HTTP request splitting with mod_rewrite and mod_proxy CVE-2023-25690 Note that Nessus has not tested for this issue but has instead relied only o...

9.8 CVSS | 6.9 AI score | 0.67011 EPSS
Exploits 5 | References 2

RedHat Linux
added 2023/12/07 1:55 p.m. | 4 views

mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)

A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...

7.5 CVSS | 6.8 AI score | 0.94395 EPSS
Exploits 20 | References 5

RedHat Linux
added 2023/12/07 1:55 p.m. | 67 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.2 AI score | 0.94395 EPSS
Exploits 28 | References 14

RedHat Linux
added 2023/12/07 1:53 p.m. | 3 views

mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)

A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connectio...

7.5 CVSS | 6.8 AI score | 0.94395 EPSS
Exploits 20 | References 5

RedHat Linux
added 2023/12/07 1:53 p.m. | 124 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

9.8 CVSS | 7.2 AI score | 0.94395 EPSS
Exploits 27 | References 12

Oracle Linux
added 2023/11/11 12:0 a.m. | 59 views

httpd and mod_http2 security, bug fix, and enhancement update

httpd 2.4.57-5.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-5 - Fix issue found by covscan - Related: 2222001 2.4.57-4 - Resolves: 2217726 - Make PROPFIND tolerant of deletion race 2.4.57-3 - Resolves: 2222001 - mod_status lists BusyWorkers IdleWorkers keys twice...

9.8 CVSS | 7.6 AI score | 0.67011 EPSS
Exploits 5

OpenVAS
added 2023/11/08 12:0 a.m. | 33 views

Fedora: Security Advisory for mod_http2 (FEDORA-2023-c0c6a91330)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 8.6 AI score | 0.94395 EPSS
Exploits 20 | References 4