mod_http2
by Apache
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8740 | Hig | 0.58 | 7.5 | 0.79 | Dec 5, 2016 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in… | ||
| CVE-2026-48913 | Hig | 0.40 | 7.3 | 0.00 | Jun 8, 2026 | Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. | ||
| CVE-2021-31618 | 0.01 | — | 0.51 | Jun 15, 2021 | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a… |
- risk 0.58cvss 7.5epss 0.79
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in…
- risk 0.40cvss 7.3epss 0.00
Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.
- CVE-2021-31618Jun 15, 2021risk 0.01cvss —epss 0.51
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a…