Apache HTTP Server: mod_http2 denial of service
Summary
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. Affected products named by the advisory: JBoss Core Services for RHEL 8; JBoss Core Services on RHEL 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; and 6 more. Affected products named by the advisory: Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; and 2 more.
What this means
In plain English
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. Affected products named by the advisory: JBoss Core Services for RHEL 8; JBoss Core Services on RHEL 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; and 6 more. Successful exploitation can interrupt the affected service or exhaust resources, reducing availability until the component recovers.
Vulnerable items
- Apache HTTP Server — Apache HTTP Server is a widely deployed web server for serving and proxying HTTP traffic.
- JBoss Core Services for RHEL 8
- JBoss Core Services on RHEL 7
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
- Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
- Red Hat Enterprise Linux 8.8 Telecommunications Update Service
- Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
- Red Hat Hardened Images
Recommended action
The parsed official advisory does not currently specify a fixed release, mitigation, or workaround. Review the linked vendor advisory for the latest guidance before making changes.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Apache HTTP Server 2.4.17 through 2.4.67
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Fixed versions
No fixed release is recorded yet. That does not prove no patch exists — confirm against the vendor advisory.
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Mitigation
The source record does not include mitigation steps. That is not a statement that no fix exists — read the vendor advisory below for the authoritative guidance.
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.