Wind River Support Network

HomeDefectsLIN9-2678
Fixed

LIN9-2678 : Security Advisory - apache - CVE-2016-8740

Created: Dec 15, 2016    Updated: May 29, 2018
Resolved Date: Apr 10, 2018
Found In Version: unknown
Fix Version: 9.0.0.4
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8740

Other Downloads


CVEs


Live chat
Online