httpd-cvs mailing list archives

From ic...@apache.org
Subject svn commit: r1772611 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
Date Mon, 05 Dec 2016 09:04:52 GMT
Author: icing
Date: Mon Dec  5 09:04:51 2016
New Revision: 1772611

URL: http://svn.apache.org/viewvc?rev=1772611&view=rev
Log:
added CVE-2016-8740 description

Modified:
    httpd/site/trunk/content/security/vulnerabilities-httpd.xml

Modified: httpd/site/trunk/content/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities-httpd.xml?rev=1772611&r1=1772610&r2=1772611&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities-httpd.xml Mon Dec  5 09:04:51 2016
@@ -1,5 +1,27 @@
 <security updated="20160726">
 
+<issue fixed="2.4.24-dev" reported="20161122" public="20161204" released="20161204">
+<cve name="CVE-2016-8740"/>
+<severity level="0">n/a</severity>
+<title></title>
+<description><p>
+
+  The HTTP/2 protocol implementation (mod_http2) had an incomplete handling
+  of the 
+  <a href="https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfields">LimitRequestFields</a>
+  directive. This allowed an attacker to inject unlimited request headers into
+  the server, leading to eventual memory exhaustion.
+</p></description>
+<acknowledgements>
+We would like to thank <a href="naveen.tiwari@asu.edu">Naveen Tiwari</a> 
+and CDF/SEFCOM at Arizona State University to reporting this issue.
+</acknowledgements>
+<affects prod="httpd" version="2.4.23"/>
+<affects prod="httpd" version="2.4.20"/>
+<affects prod="httpd" version="2.4.18"/>
+<affects prod="httpd" version="2.4.17"/>
+</issue>
+
 <issue fixed="2.4.24-dev" reported="20160702" public="20160718" released="20160718">
 <cve name="CVE-2016-5387"/>
 <severity level="0">n/a</severity>
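Review bot: The new CVE-2016-8740 entry is published with an empty `<title></title>`, so the vulnerabilities page gives operators no headline to triage a memory-exhaustion issue by; a title drawn from the description, for example `<title>mod_http2 memory exhaustion via unlimited request headers</title>`, would fix that. The acknowledgement link `href="naveen.tiwari@asu.edu"` has no scheme and will resolve as a relative URL; it should read `href="mailto:naveen.tiwari@asu.edu"`, and "to reporting this issue" should be "for reporting this issue". The root element's `updated="20160726"` is unchanged context here although the entry is dated 20161204, so it presumably needs bumping in the same commit. Because the description places the flaw in mod_http2, a sentence stating that only servers with HTTP/2 enabled are exposed (if that is confirmed) would help readers judge whether the listed 2.4.17–2.4.23 versions matter for them.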


