Russian Vulnerability Scanner Database

Back to List

CVE-2016-8740

Scores

EPSS

0.683medium68.3%
0%20%40%60%80%100%

Percentile: 68.3%

CVSS

5.9medium3.x
0246810

CVSS Score: 5.9/10

All CVSS Scores

CVSS 3.x
5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-20

Exploits

Exploit ID: 40909

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40909

Vulnerable Software (18)

Type: Configuration

Product: apache2

Operating System: debian

Trait: 
{  "fixed": "2.4.25-1"}

Source: debian

Type: Configuration

Product: apache2

Operating System: debian jessie 8

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: apache2

Operating System: debian wheezy 7

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: apache2

Operating System: ubuntu trusty 14.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu xenial 16.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu yakkety 16.10

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu zesty 17.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.25-9.el6"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.25-9.el6"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.25-9.el7"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.25-9.el7"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.23-120.jbcs.el6"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.23-120.jbcs.el7"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-mod_security

Operating System: rhel

Trait: 
{  "fixed": "2.9.1-19.GA.jbcs.el6"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-mod_security

Operating System: rhel

Trait: 
{  "fixed": "2.9.1-19.GA.jbcs.el7"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.2h-13.jbcs.el6"}

Source: redhat

Type: Configuration

Product: jbcs-httpd24-openssl

Operating System: rhel

Trait: 
{  "fixed": "1.0.2h-13.jbcs.el7"}

Source: redhat

Type: Configuration

Vendor: *

Product: http_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*...

Source: nvd

End of list