CVE-2016-1546

Published: 11 Apr 2016
Source: redhat
CVSS2: 4.3
EPSS: Medium

Description

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

A denial of service flaw was found in httpd's mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | httpd | Not affected | | |
| Red Hat Directory Server 8 | httpd | Not affected | | |
| Red Hat Enterprise Linux 5 | httpd | Not affected | | |
| Red Hat Enterprise Linux 6 | httpd | Not affected | | |
| Red Hat Enterprise Linux 7 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | | |
| Red Hat JBoss Enterprise Web Server 3 | httpd | Not affected | | |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1336350 httpd: mod_http2 denial-of-service by thread starvation

EPSS: 0.36839 (Medium)
Percentile: 97%

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 9 years ago

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

CVSS3: 5.9
nvd
more than 9 years ago

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

CVSS3: 5.9
debian
more than 9 years ago

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, d ...

CVSS3: 5.9
github
more than 3 years ago

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.

fstec
more than 9 years ago

Vulnerability in the Apache HTTP Server web server that allows an attacker to cause a denial of service
