CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

December 5, 2016 007admin Leave a comment

Posted by Eissing Stefan on Dec 05

Security Advisory – Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

Server memory can be exhausted and service denied when HTTP/2 is used

CVE-2016-8740

The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on request headers correctly when experimental module for the HTTP/2
protocol is used to access a resource.

The net result is that a the server…

007 Software

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

Leave a Reply Cancel reply

Software and Security Information