Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-8740

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.626
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2016-8740


Contact Us

Shodan ® - All rights reserved