ID CVE-2017-9789
Summary When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.4.26
    cpe:2.3:a:apache:http_server:2.4.26
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
refmap via4
bid 99568
confirm https://httpd.apache.org/security/vulnerabilities_24.html
mlist [announce] 20170713 CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
sectrack 1038907
Last major update 13-07-2017 - 12:29
Published 13-07-2017 - 12:29
Last modified 21-07-2017 - 12:52
Back to Top