Excessive Memory Consumption in Apache HTTPD

Posted on Posted in Apache

Decription: A vulnerability was reported in Apache HTTPD. A remote user can consume excessive memory on the target system.

The system does not properly limit request headers sent via the HTTP/2 protocol.

The vulnerable mod_http2 module is not compiled in by default and is not enabled by default.

Affected versions: all with mod_http2 module

Recommended action: Recompile mod_http2 applying the source code fix from: https://github.com/apache/httpd/commit/29c63b786ae028d82405421585e91283c8fa0da3

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *