FreeBSD: (Multiple Advisories) (CVE-2016-8740): Apache httpd -- several vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | December 05, 2016 | December 06, 2016 | December 22, 2017 |
Description
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
References
Solution
freebsd-upgrade-package-apache24
Related Vulnerabilities
- SUSE: CVE-2016-8740: SUSE Linux Security Advisory
- HP-UX: CVE-2016-8740: HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
- Gentoo Linux: CVE-2016-8740: Apache: Multiple vulnerabilities
- Alpine Linux: CVE-2016-8740: apache2 Multiple vulnerabilities
- OS X update for apache (CVE-2016-8740)
- Oracle Solaris 11: CVE-2016-8740: Vulnerability in Apache HTTP server
- Apache HTTPD: HTTP/2 CONTINUATION denial of service (CVE-2016-8740)