Lucene search
K

4 matches found

CVE
CVE
added 2016/07/19 1:0 a.m.1524 views

CVE-2016-5387

CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...

8.1CVSS8AI score0.55724EPSS
CVE
CVE
added 2016/07/06 2:0 p.m.650 views

CVE-2016-4979

CVE-2016-4979 affects Apache HTTP Server 2.4.18–2.4.20 when mod_http2 and mod_ssl are enabled; it fails to recognize the SSLVerifyClient require directive for HTTP/2 request authorization, enabling bypass of access restrictions by abusing multiple requests on a single connection and renegotiation...

7.5CVSS7.5AI score0.18802EPSS
CVE
CVE
added 2016/12/05 7:0 p.m.609 views

CVE-2016-8740

CVE-2016-8740 affects Apache HTTP Server mod_http2 when Protocols includes h2/h2c. A memory-exhaustion DoS arises from improper restriction of request-header length in crafted CONTINUATION frames in versions 2.4.17–2.4.23. Connected sources confirm the root cause is header-length handling without...

7.5CVSS7.2AI score0.7907EPSS
CVE
CVE
added 2016/07/06 2:0 p.m.568 views

CVE-2016-1546

CVE-2016-1546 affects Apache HTTP Server 2.4.17/2.4.18 with mod_http2 enabled, where there is no limit on the number of simultaneous stream workers for a single HTTP/2 connection. This can allow remote attackers to cause a denial of service (stream-processing outage) via modified flow-control win...

5.9CVSS5.7AI score0.15327EPSS