Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-36387

Опубликовано: 01 июл. 2024
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

A flaw was found in the Apache HTTP Server. Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10mod_http2Not affected
Red Hat Enterprise Linux 8httpd:2.4/mod_http2Not affected
JBoss Core Services for RHEL 8jbcs-httpd24-aprFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-apr-utilFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-httpdFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-mod_http2FixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-mod_jkFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-mod_mdFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-mod_proxy_clusterFixedRHSA-2025:345202.04.2025
JBoss Core Services for RHEL 8jbcs-httpd24-mod_securityFixedRHSA-2025:345202.04.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2295006mod_http2: DoS by null pointer in websocket over HTTP/2

EPSS

Процентиль: 51%
0.00282
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-36387

CVSS3: 5.4
ubuntu
12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

nvd логотип

CVE-2024-36387

CVSS3: 5.4
nvd
12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

msrc логотип

CVE-2024-36387

CVSS3: 5.4
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-36387

CVSS3: 5.4
debian
12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...

rocky логотип

RLSA-2024:8680

rocky
7 месяцев назад

Low: mod_http2 security update

EPSS

Процентиль: 51%
0.00282
Низкий

3.7 Low

CVSS3