Lucene search
K

5 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache2

An attacker who establishes an HTTP/2 connection with an initial window size of 0 was able to indefinitely block the handling of that connection in Apache HTTP Server. This could be used to exhaust server resources, similar to the well-known “slow loris” attack pattern. This issue has been fixed ...

7.5CVSS7.2AI score0.70595EPSS
Exploits0References2
OSV
OSV
added 2023/11/10 11:6 a.m.5 views

OESA-2023-1803 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A...

5.9CVSS8.2AI score0.03024EPSS
Exploits1References2
OSV
OSV
added 2023/11/10 11:6 a.m.5 views

OESA-2023-1806 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 When a HTTP/2 stream was reset RST frame by a client, there was a...

7.5CVSS8.1AI score0.03024EPSS
Exploits1References3
OSV
OSV
added 2023/10/23 7:15 a.m.3 views

DEBIAN-CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS7.4AI score0.03024EPSS
Exploits1References1
OSV
OSV
added 2023/10/23 7:15 a.m.6 views

AZL-43639 CVE-2023-43622 affecting package mod_http2 1.15.14-2

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7AI score0.70595EPSS
Exploits0References1
Rows per page
Query Builder