The mod_http2 module in the Apache HTTP Server 2.4.17 up to and including 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote malicious users to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.4.20 |
||
apache http server 2.4.23 |
||
apache http server 2.4.18 |
||
apache http server 2.4.22 |
||
apache http server 2.4.19 |
||
apache http server 2.4.17 |
||
apache http server 2.4.21 |