Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-4979

Опубликовано: 06 июл. 2016
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5
CVSS3: 7.5

Описание

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

РелизСтатусПримечание
devel

not-affected

no mod_http2 support
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/xenial

not-affected

no mod_http2 support
precise

not-affected

code not present
trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

released

2.4.23-1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.32726
Средний

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-4979

CVSS3: 9.1
redhat
больше 9 лет назад

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

nvd логотип

CVE-2016-4979

CVSS3: 7.5
nvd
больше 9 лет назад

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

debian логотип

CVE-2016-4979

CVSS3: 7.5
debian
больше 9 лет назад

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_s ...

github логотип

GHSA-r48c-7gpg-9q4x

CVSS3: 7.5
github
больше 3 лет назад

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.

EPSS

Процентиль: 97%
0.32726
Средний

5 Medium

CVSS2

7.5 High

CVSS3