HTTP: Apache HTTP Server mod_http2 Module Denial of Service
This signature detects attempts to exploit a known vulnerability in the Apache HTTP server. Successful exploitation would use up all the available memory on the server, resulting in a denial of service condition on the target.
Extended Description
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Affected Products
Apache http_server
Short Name
HTTP:APACHE:MOD-HTTP2-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2016-8740 Denial HTTP Module Server Service bid:94650 mod_http2 of
Release Date
02/02/2017
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3504
False Positive
Unknown
Vendors
Apache
CVSS Score
5.0