Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

FreeBSD8E6F684B-F333-11EE-A573-84A93843EB75

HistoryApr 04, 2024 - 12:00 a.m.

Vulners
/
Freebsd
/
Apache httpd -- multiple vulnerabilities

Apache httpd -- multiple vulnerabilities

2024-04-0400:00:00

vuxml.freebsd.org

apache httpd

http/2

dos

memory exhaustion

http response splitting

modules

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.6%

JSON

The Apache httpd project reports:

HTTP/2 DoS by memory exhaustion on endless continuation frames
HTTP Response Splitting in multiple modules

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchapache24< 2.4.59UNKNOWN
FreeBSDanynoarchmod_http2< 2.0.27UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	apache24	< 2.4.59	UNKNOWN
FreeBSD	any	noarch	mod_http2	< 2.0.27	UNKNOWN

References

downloads.apache.org/httpd/CHANGES_2.4.59

nessus 70

openvas 47

osv 16

ubuntu 3

slackware 1

kaspersky 1

mageia 1

vulnrichment 3

cvelist 3

nvd 3

redos 1

ibm 4

cve 3

redhat 7

rocky 2

debiancve 2

veracode 2

almalinux 3

githubexploit 1

ubuntucve 2

cbl_mariner 4

redhatcve 2

oraclelinux 3

hackerone 1

amazon 2

debian 3

f5 2

alpinelinux 2

fedora 5

nessus

FreeBSD : Apache httpd -- multiple vulnerabilities (8e6f684b-f333-11ee-a573-84a93843eb75)

2024-04-06 00:00:00

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-2035)

2024-07-22 00:00:00

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2024-2215)

2024-08-21 00:00:00

openvas

Ubuntu: Security Advisory (USN-6729-3)

2024-04-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2024:1627-1)

2024-05-14 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1886)

2024-07-16 00:00:00

osv

apache2 vulnerabilities

2024-04-29 11:31:21

apache2 vulnerabilities

2024-04-11 16:19:44

apache2 vulnerabilities

2024-04-17 15:26:47

ubuntu

Apache HTTP Server vulnerabilities

2024-04-17 00:00:00

Apache HTTP Server vulnerabilities

2024-04-11 00:00:00

Apache HTTP Server vulnerabilities

2024-04-29 00:00:00

slackware

[slackware-security] httpd

2024-04-04 19:16:44

kaspersky

KLA65470 Multiple vulnerabilities in Apache HTTP Server

2024-04-04 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2024-04-10 07:03:52

vulnrichment

CVE-2024-38709 WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability

2024-07-12 14:10:24

CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

2024-04-04 19:21:41

CVE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules

2024-04-04 19:20:48

cvelist

CVE-2024-38709 WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability

2024-07-12 14:10:24

CVE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules

2024-04-04 19:20:48

CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

2024-04-04 19:21:41

nvd

CVE-2024-38709

2024-07-12 14:15:16

CVE-2024-27316

2024-04-04 20:15:08

CVE-2024-24795

2024-04-04 20:15:08

redos

ROS-20240425-01

2024-04-25 00:00:00

ibm

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol. [CVE-2024-27316]

2024-06-25 23:52:39

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

2024-05-29 21:22:20

Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)

2024-09-05 18:20:04

cve

CVE-2024-38709

2024-07-12 14:15:16

CVE-2024-24795

2024-04-04 20:15:08

CVE-2024-27316

2024-04-04 20:15:08

redhat

(RHSA-2024:1872) Important: mod_http2 security update

2024-04-18 00:58:11

(RHSA-2024:4390) Moderate: Red Hat JBoss Enterprise Application Platform 8.0 security update

2024-07-08 21:26:13

(RHSA-2024:2907) Moderate: httpd:2.4 security update

2024-05-20 01:02:25

rocky

httpd:2.4/mod_http2 security update

2024-05-06 13:04:21

mod_http2 security update

2024-05-10 14:32:42

debiancve

CVE-2024-27316

2024-04-04 20:15:08

CVE-2024-24795

2024-04-04 20:15:08

veracode

Memory Exhaustion

2024-04-10 19:25:29

HTTP Response Splitting

2024-04-10 21:30:32

almalinux

Moderate: mod_http2 security update

2024-04-30 00:00:00

Important: mod_http2 security update

2024-04-18 00:00:00

Important: httpd:2.4/mod_http2 security update

2024-04-11 00:00:00

githubexploit

Exploit for Allocation of Resources Without Limits or Throttling in Apache Http Server

2024-04-17 20:08:05

ubuntucve

CVE-2024-24795

2024-04-04 00:00:00

CVE-2024-27316

2024-03-27 00:00:00

cbl_mariner

CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1

2024-05-06 17:48:02

CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1

2024-08-14 20:43:58

CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1

2024-08-14 20:43:58

redhatcve

CVE-2024-24795

2024-04-04 19:32:34

CVE-2024-27316

2024-04-03 19:27:03

oraclelinux

mod_http2 security update

2024-04-18 00:00:00

mod_http2 security update

2024-05-07 00:00:00

httpd:2.4/mod_http2 security update

2024-04-11 00:00:00

hackerone

Internet Bug Bounty: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

2024-04-08 20:33:40

amazon

Important: mod_http2

2024-04-24 22:15:00

Important: httpd24

2024-04-25 16:04:00

debian

[SECURITY] [DLA 3819-1] fossil security update

2024-05-25 11:33:10

[SECURITY] [DSA 5662-1] apache2 security update

2024-04-16 18:32:07

[SECURITY] [DLA 3818-1] apache2 security update

2024-05-25 11:06:45

K000139447 : Apache httpd vulnerability CVE-2024-24795

2024-05-08 00:00:00

K000139214 : Apache httpd vulnerability CVE-2024-27316

2024-04-08 00:00:00

alpinelinux

CVE-2024-24795

2024-04-04 20:15:08

CVE-2024-27316

2024-04-04 20:15:08

fedora

[SECURITY] Fedora 40 Update: mod_http2-2.0.27-1.fc40

2024-04-21 01:08:56

[SECURITY] Fedora 38 Update: mod_http2-2.0.27-1.fc38

2024-04-21 02:57:21

[SECURITY] Fedora 39 Update: mod_http2-2.0.27-1.fc39

2024-04-21 01:20:22

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

47.6%

JSON

Related for 8E6F684B-F333-11EE-A573-84A93843EB75