Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Oracle Linux 9 : mod_http2 (ELSA-2025-14983)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-14983 advisory. 2.0.26-4.1 - Resolves: RHEL-99956 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module Tenable...

RHSA-2025:14625 Red Hat Security Advisory: mod_http2 security update

Bulletin has no description...

OESA-2025-2076 mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63 Web Server.CWE is classifying the issue as CWE-617. The product contains an...

Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2025:14625 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 For more details about the security...

Oracle Linux 10 : mod_http2 (ELSA-2025-14625)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-14625 advisory. 2.0.29-2.1 - Resolves: RHEL-106263 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module Tenabl...

FreeBSD : mod_http2 -- Multiple vulnerabilities (61d74f80-5e9e-11f0-8baa-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 61d74f80-5e9e-11f0-8baa-8447094a420f advisory. The modhttp2 project reports: a client can increase memory consumption for a HTTP/2 connection...

TencentOS Server 3: httpd:2.4 (TSSA-2024:0217)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0217 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-45802)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45802 advisory. - When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's...

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-43622)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43622 advisory. - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-25690)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25690 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-45802)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45802 advisory. - When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-43622)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43622 advisory. - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...

CVE-2022-37436 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2022-37436 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...

CVE-2023-25690 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2023-25690 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...

CVE-2021-31618 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2021-31618 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...

CVE-2023-45802 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2023-45802 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...

CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3

CVE-2023-43622 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...