Showing 1 - 3 of 3

CVE-2023-43622

Status Candidate

Overview

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

Related Files

Red Hat Security Advisory 2024-2368-03: Posted Apr 30, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2368-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-43622; SHA-256 | 0f5aa200c9600539480d0e610eaa416fe914f44d18db901641229f81dadf01f1; Download | Favorite | View

Debian Security Advisory 5662-1: Posted Apr 17, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.; tags | advisory, web, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2023-31122, CVE-2023-38709, CVE-2023-43622, CVE-2023-45802, CVE-2024-24795, CVE-2024-27316; SHA-256 | 91dd197c5a6d8baaed2ebca649cbbb006dfaa18a448d23acca955357225d36eb; Download | Favorite | View

Ubuntu Security Notice USN-6506-1: Posted Nov 22, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04, and Ubuntu 23.10.; tags | advisory, remote, web, denial of service; systems | linux, ubuntu; advisories | CVE-2023-31122, CVE-2023-43622, CVE-2023-45802; SHA-256 | 8a919d1a4d307c69872670d645ac6969f558a3c26282d75583807e9eb42825c5; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 315 files
Ubuntu 65 files
Debian 25 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Google Security Research 6 files
Milad Karimi 6 files
Yevhenii Butenko 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,024)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,473)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,698)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,477)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2023-43622

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems