Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:APACHE:MOD-HTTP2-DOS
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Apache HTTP Server mod_http2 Module Denial of Service
Release Date	2017/02/02
Update Number	2826
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache HTTP Server mod_http2 Module Denial of Service

This signature detects attempts to exploit a known vulnerability in the Apache HTTP server. Successful exploitation would use up all the available memory on the server, resulting in a denial of service condition on the target.

Extended Description

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.

Affected Products

Apache http_server 2.4.17
Apache http_server 2.4.18
Apache http_server 2.4.19
Apache http_server 2.4.20
Apache http_server 2.4.21
Apache http_server 2.4.22
Apache http_server 2.4.23

References

BugTraq: 94650
CVE: CVE-2016-8740

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache HTTP Server mod_http2 Module Denial of Service

Extended Description

Affected Products

References