CVE-2024-36387

Опубликовано: 01 июл. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Ссылки

https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/01/4
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.4.55 (включая) до 2.4.59 (включая)

Конфигурация 2

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.0013

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

CVE-2024-36387

CVSS3: 5.4

ubuntu

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 3.7

redhat

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

11 месяцев назад

Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

CVE-2024-36387

CVSS3: 5.4

debian

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...

RLSA-2024:8680

rocky

около 1 года назад

Low: mod_http2 security update

EPSS

Процентиль: 33%

0.0013

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-476