CVE-2024-36387

Опубликовано: 01 июл. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Ссылки

https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/01/4
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.4.55 (включая) до 2.4.59 (включая)

Конфигурация 2

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01226

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

CVE-2024-36387

CVSS3: 5.4

ubuntu

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 3.7

redhat

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

8 месяцев назад

Описание отсутствует

CVE-2024-36387

CVSS3: 5.4

debian

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...

RLSA-2024:8680

rocky

9 месяцев назад

Low: mod_http2 security update

EPSS

Процентиль: 78%

0.01226

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-476