Search Results
- Keyword (text search): cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. Published: July 18, 2016; 10:00:19 PM -0400 | V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1546 | The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows. Published: July 06, 2016; 10:59:01 AM -0400 | V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |