CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/
http://www.openwall.com/lists/oss-security/2024/07/01/4
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Products affected by CVE-2024-36387

Apache » Http Server » Version: 2.4.55

cpe:2.3:a:apache:http_server:2.4.55
Apache » Http Server » Version: 2.4.56

cpe:2.3:a:apache:http_server:2.4.56
Apache » Http Server » Version: 2.4.57

cpe:2.3:a:apache:http_server:2.4.57
Apache » Http Server » Version: 2.4.58

cpe:2.3:a:apache:http_server:2.4.58
Apache » Http Server » Version: 2.4.59

cpe:2.3:a:apache:http_server:2.4.59
Netapp » Ontap » Version: 9

cpe:2.3:a:netapp:ontap:9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-36387

Products

Pricing

Contact Us