Showing 1 - 7 of 7

CVE-2024-27316

Status Candidate

Overview

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

Related Files

Red Hat Security Advisory 2024-2564-03: Posted May 1, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2564-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2024-27316; SHA-256 | 8e6628488e6108ff6695d0307cffc55b4b26ddcfbc056abd4adf4256bdeb07ea; Download | Favorite | View

Ubuntu Security Notice USN-6729-3: Posted Apr 29, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.; tags | advisory, remote, web, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316; SHA-256 | 64bc41b5243d484a6b2e16655cb72ea9b8aa3a19737b46627dbb01cfa4e8fb4e; Download | Favorite | View

Ubuntu Security Notice USN-6729-2: Posted Apr 18, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.; tags | advisory, remote, web, vulnerability; systems | linux, ubuntu; advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316; SHA-256 | 48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83; Download | Favorite | View

Red Hat Security Advisory 2024-1872-03: Posted Apr 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1872-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2024-27316; SHA-256 | 952a7171d2dff7e044be850e1e4790ebf22de2edc2b661ca73ef284edf29b065; Download | Favorite | View

Debian Security Advisory 5662-1: Posted Apr 17, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.; tags | advisory, web, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2023-31122, CVE-2023-38709, CVE-2023-43622, CVE-2023-45802, CVE-2024-24795, CVE-2024-27316; SHA-256 | 91dd197c5a6d8baaed2ebca649cbbb006dfaa18a448d23acca955357225d36eb; Download | Favorite | View

Ubuntu Security Notice USN-6729-1: Posted Apr 12, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.; tags | advisory, remote, web; systems | linux, ubuntu; advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316; SHA-256 | b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd; Download | Favorite | View

Red Hat Security Advisory 2024-1786-03: Posted Apr 12, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2024-27316; SHA-256 | 9838d3362a205bf95b6542e2c2caf6d6b03da8436f7ed6e2cd637f0e92a53504; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 67 files
Debian 24 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Milad Karimi 5 files
Google Security Research 4 files
tmrswrr 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2024-27316

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems