Lucene search
AlmaLinuxALSA-2024:1872HistoryApr 18, 2024 - 12:00 a.m.
Important: mod_http2 security update
2024-04-1800:00:00
errata.almalinux.org
23
mod_http2
apache httpd
http2 protocol
libnghttp2
continuation frames
dos
cve-2024-27316
security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.5%
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- httpd: CONTINUATION frames DoS (CVE-2024-27316)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | aarch64 | mod_http2 | < 1.15.19-5.el9_3.1 | mod_http2-1.15.19-5.el9_3.1.aarch64.rpm |
| almalinux | 9 | ppc64le | mod_http2 | < 1.15.19-5.el9_3.1 | mod_http2-1.15.19-5.el9_3.1.ppc64le.rpm |
| almalinux | 9 | x86_64 | mod_http2 | < 1.15.19-5.el9_3.1 | mod_http2-1.15.19-5.el9_3.1.x86_64.rpm |
| almalinux | 9 | s390x | mod_http2 | < 1.15.19-5.el9_3.1 | mod_http2-1.15.19-5.el9_3.1.s390x.rpm |
Related
nessus
nessus
EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2024-1819)
2024-06-25 00:00:00
RHEL 8 : httpd:2.4/mod_http2 (RHSA-2024:1786)
2024-04-11 00:00:00
Oracle Linux 8 : httpd:2.4/mod_http2 (ELSA-2024-1786)
2024-04-13 00:00:00
ibm
ibm
nvd
nvd
CVE-2024-27316
2024-04-04 20:15:08
redos
redos
ROS-20240425-01
2024-04-25 00:00:00
osv
osv
CVE-2024-27316
2024-04-04 20:15:08
Moderate: mod_http2 security update
2024-05-10 14:32:42
BIT-apache-2024-27316
2024-04-06 18:17:01
alpinelinux
alpinelinux
CVE-2024-27316
2024-04-04 20:15:08
redhat
redhat
(RHSA-2024:1786) Important: httpd:2.4/mod_http2 security update
2024-04-11 15:27:17
(RHSA-2024:2907) Moderate: httpd:2.4 security update
2024-05-20 01:02:25
(RHSA-2024:1872) Important: mod_http2 security update
2024-04-18 00:58:11
fedora
fedora
[SECURITY] Fedora 40 Update: mod_http2-2.0.27-1.fc40
2024-04-21 01:08:56
[SECURITY] Fedora 39 Update: mod_http2-2.0.27-1.fc39
2024-04-21 01:20:22
[SECURITY] Fedora 38 Update: mod_http2-2.0.27-1.fc38
2024-04-21 02:57:21
redhatcve
redhatcve
CVE-2024-27316
2024-04-03 19:27:03
oraclelinux
oraclelinux
mod_http2 security update
2024-05-07 00:00:00
httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
mod_http2 security update
2024-04-18 00:00:00
openvas
openvas
Fedora: Security Advisory for mod_http2 (FEDORA-2024-528301bac2)
2024-05-27 00:00:00
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1840)
2024-06-25 00:00:00
Fedora: Security Advisory for mod_http2 (FEDORA-2024-4812897dd1)
2024-05-27 00:00:00
veracode
veracode
Memory Exhaustion
2024-04-10 19:25:29
rocky
rocky
httpd:2.4/mod_http2 security update
2024-05-06 13:04:21
mod_http2 security update
2024-05-10 14:32:42
almalinux
almalinux
Moderate: mod_http2 security update
2024-04-30 00:00:00
Important: httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
debiancve
debiancve
CVE-2024-27316
2024-04-04 20:15:08
githubexploit
githubexploit
cbl_mariner
cbl_mariner
CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1
2024-05-06 17:48:02
cvelist
cvelist
amazon
amazon
Important: httpd24
2024-04-25 16:04:00
Important: mod_http2
2024-04-24 22:15:00
f5
f5
K000139214 : Apache httpd vulnerability CVE-2024-27316
2024-04-08 00:00:00
cve
cve
CVE-2024-27316
2024-04-04 20:15:08
ubuntucve
ubuntucve
CVE-2024-27316
2024-03-27 00:00:00
hackerone
hackerone
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0748
2024-04-11 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0242
2024-04-10 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0591
2024-04-11 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2024-04-17 00:00:00
Apache HTTP Server vulnerabilities
2024-04-11 00:00:00
Apache HTTP Server vulnerabilities
2024-04-29 00:00:00
slackware
slackware
[slackware-security] httpd
2024-04-04 19:16:44
mageia
mageia
Updated apache packages fix security vulnerabilities
2024-04-10 07:03:52
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2024-04-04 00:00:00
kaspersky
kaspersky
KLA65470 Multiple vulnerabilities in Apache HTTP Server
2024-04-04 00:00:00
debian
debian
[SECURITY] [DLA 3818-1] apache2 security update
2024-05-25 11:06:45
[SECURITY] [DSA 5662-1] apache2 security update
2024-04-16 18:32:07
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.5%
Related for ALSA-2024:1872