Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Windows)
Information
Severity
Severity
Low
Family
Family
Web Servers
CVSSv2 Base
CVSSv2 Base
3.6
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:H/Au:S/C:N/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
4 years ago
Modified
Modified
4 years ago
Summary
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the '2Upgrade on' is unaffected by this.
Affected Software
Affected Software
Apache HTTP server version 2.4.38, 2.4.37, 2.4.35 and 2.4.34.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 2.4.39 or later.