Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Windows)

Information

Severity

Severity

Low

Family

Family

Web Servers

CVSSv2 Base

CVSSv2 Base

3.6

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:S/C:N/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Summary

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the '2Upgrade on' is unaffected by this.

Affected Software

Affected Software

Apache HTTP server version 2.4.38, 2.4.37, 2.4.35 and 2.4.34.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 2.4.39 or later.

Common Vulnerabilities and Exposures (CVE)