ID CVE-2016-1546
Summary The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-06-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:1161
rpms
  • httpd24-httpd-0:2.4.25-9.el6
  • httpd24-httpd-0:2.4.25-9.el7
  • httpd24-httpd-debuginfo-0:2.4.25-9.el6
  • httpd24-httpd-debuginfo-0:2.4.25-9.el7
  • httpd24-httpd-devel-0:2.4.25-9.el6
  • httpd24-httpd-devel-0:2.4.25-9.el7
  • httpd24-httpd-manual-0:2.4.25-9.el6
  • httpd24-httpd-manual-0:2.4.25-9.el7
  • httpd24-httpd-tools-0:2.4.25-9.el6
  • httpd24-httpd-tools-0:2.4.25-9.el7
  • httpd24-mod_ldap-0:2.4.25-9.el6
  • httpd24-mod_ldap-0:2.4.25-9.el7
  • httpd24-mod_proxy_html-1:2.4.25-9.el6
  • httpd24-mod_proxy_html-1:2.4.25-9.el7
  • httpd24-mod_session-0:2.4.25-9.el6
  • httpd24-mod_session-0:2.4.25-9.el7
  • httpd24-mod_ssl-1:2.4.25-9.el6
  • httpd24-mod_ssl-1:2.4.25-9.el7
refmap via4
bid 92331
confirm
gentoo GLSA-201610-02
mlist
  • [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Last major update 03-06-2018 - 01:29
Published 06-07-2016 - 14:59
Last modified 03-06-2018 - 01:29
Back to Top