VYPR

mod_http2

by Apache

CVEs (3)

  • CVE-2016-8740HigDec 5, 2016
    risk 0.58cvss 7.5epss 0.79

    The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in…

  • CVE-2026-48913HigJun 8, 2026
    risk 0.40cvss 7.3epss 0.00

    Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.

  • CVE-2021-31618Jun 15, 2021
    risk 0.01cvss epss 0.51

    Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a…