Описание
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.6 |
| cosmic | released | 2.4.34-1ubuntu2.1 |
| devel | released | 2.4.38-2ubuntu2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.6 |
| esm-infra/xenial | not-affected | code not built |
| precise/esm | not-affected | code not present |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
Уязвимость модуля mod_http2 веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании или получить доступ к конфиденциальной информации
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3