Exploit the possiblities
Showing 1 - 10 of 10 RSS Feed

CVE-2016-8740

Status Candidate

Overview

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

Related Files

Apple Security Advisory 2017-10-31-8
Posted Nov 2, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-8 - Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory has been provided that relates to Apache and various other software.

tags | advisory
systems | apple
advisories | CVE-2016-2161, CVE-2016-4736, CVE-2016-5387, CVE-2016-8740, CVE-2016-8743, CVE-2016-9042, CVE-2016-9063, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-0381, CVE-2017-1000373, CVE-2017-10989, CVE-2017-13782, CVE-2017-13807, CVE-2017-13808, CVE-2017-13809, CVE-2017-13810, CVE-2017-13811, CVE-2017-13812, CVE-2017-13813, CVE-2017-13814, CVE-2017-13815, CVE-2017-13816, CVE-2017-13817
MD5 | f551c8cf2ba4fdb8abb612d2d110fed3
Apple Security Advisory 2017-10-31-2
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-2 - macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address TLS weaknesses, issues in Apache, and many more vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2016-2161, CVE-2016-4736, CVE-2016-5387, CVE-2016-8740, CVE-2016-8743, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-11103, CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-1298
MD5 | 0a3f85251303c010a3fa74783867a502
Red Hat Security Advisory 2017-1414-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1414-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-6304, CVE-2016-7056, CVE-2016-8610, CVE-2016-8740, CVE-2016-8743
MD5 | 848fab94797eb5aa2aa12309ab277852
Red Hat Security Advisory 2017-1413-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1413-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-6304, CVE-2016-7056, CVE-2016-8610, CVE-2016-8740, CVE-2016-8743
MD5 | 09e08d9bd5d4778fc51fd66f08804151
Red Hat Security Advisory 2017-1415-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1415-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-6304, CVE-2016-7056, CVE-2016-8610, CVE-2016-8740, CVE-2016-8743
MD5 | c555d9948e27e5468c40aa139259d9cb
Red Hat Security Advisory 2017-1161-01
Posted Apr 26, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1161-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-1546, CVE-2016-2161, CVE-2016-8740, CVE-2016-8743
MD5 | d2cdbfc49ae3b71b875790f9786780d9
HP Security Bulletin HPESBUX03725 1
Posted Mar 30, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-2183, CVE-2016-8740, CVE-2016-8743
MD5 | 62093eab7a4c2c4b060ec05c72eca532
Gentoo Linux Security Advisory 201701-36
Posted Jan 16, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-36 - Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition. Versions less than 2.4.25 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3583, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8073, CVE-2016-8740, CVE-2016-8743
MD5 | 6d481e903a3d0cf6b7a5e328042c47d6
Slackware Security Advisory - httpd Updates
Posted Dec 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740, CVE-2016-8743
MD5 | ca47561858ce857f48179e38c7538ee3
Apache HTTPD Web Server 2.4.23 Memory Exhaustion
Posted Dec 5, 2016
Authored by Naveen Tiwari

Apache HTTPD web server versions 2.4.17 through 2.4.23 did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a server allocates too much memory instead of denying the request. This can lead to memory exhaustion of the server by a properly crafted request.

tags | advisory, web, protocol
advisories | CVE-2016-8740
MD5 | c842fcb4e9605beaf9695dcc9fd9c570
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close