401 matches found
Apache 2.4.23 mod_http2 - Denial of Service
Apache 2.4.23 modhttp2 - Denial of Service !/usr/bin/python """ source : http://seclists.org/bugtraq/2016/Dec/3 The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote...
Apache HTTP Server 'mod_http2' Denial of Service Vulnerability - Windows
Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 'mod_http2' Denial of Service Vulnerability - Linux
Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2016-12036)
Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server. modhttp2 is one of the modules on the HTTP/2 protocol . A denial of service vulnerability exists in Apache HTTP Server. Exploitation of the vulnerability by a remote attacker could cause memory...
Cross site request forgery (csrf)
The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...
DEBIAN-CVE-2016-8740
The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...
CVE-2016-8740
The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...
CVE-2016-8740
The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...
CVE-2016-8740
The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory consumption via crafted CONTINUATION frames in an HTTP/2 request...
CVE-2016-8740
CVE-2016-8740 affects Apache HTTP Server mod_http2 when Protocols includes h2/h2c. A memory-exhaustion DoS arises from improper restriction of request-header length in crafted CONTINUATION frames in versions 2.4.17–2.4.23. Connected sources confirm the root cause is header-length handling without...
Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference
A maliciously constructed HTTP/2 request could cause modhttp2 to dereference a NULL pointer and crash the server process...
Apache HTTP Server Security Bypass Vulnerability (Jul 2016)
Apache HTTP Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver...
DEBIAN-CVE-2016-1546
The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control windows...
Buffer overflow
The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control windows...
Authorization
The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...
CVE-2016-4979
The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...
CVE-2016-4979
The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...
CVE-2016-1546
CVE-2016-1546 affects Apache HTTP Server 2.4.17/2.4.18 with mod_http2 enabled, where there is no limit on the number of simultaneous stream workers for a single HTTP/2 connection. This can allow remote attackers to cause a denial of service (stream-processing outage) via modified flow-control win...
CVE-2016-4979
CVE-2016-4979 affects Apache HTTP Server 2.4.18–2.4.20 when mod_http2 and mod_ssl are enabled; it fails to recognize the SSLVerifyClient require directive for HTTP/2 request authorization, enabling bypass of access restrictions by abusing multiple requests on a single connection and renegotiation...
EUVD-2016-5947
The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...