7.5
CVE-2026-49975
- EPSS 11.47%
- Veröffentlicht 08.06.2026 15:26:04
- Zuletzt bearbeitet 09.07.2026 13:17:24
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.17 < 2.4.68
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.47% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/06/03/3
http://www.openwall.com/lists/oss-security/2026/06/08/16
https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html
https://bugzilla.redhat.com/show_bug.cgi?id=2485371
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json
https://access.redhat.com/errata/RHSA-2026:27200
https://access.redhat.com/errata/RHSA-2026:27201
https://access.redhat.com/errata/RHSA-2026:36373
https://access.redhat.com/errata/RHSA-2026:25042
https://access.redhat.com/errata/RHSA-2026:25057
https://access.redhat.com/errata/RHSA-2026:25090
https://access.redhat.com/errata/RHSA-2026:25225
https://access.redhat.com/errata/RHSA-2026:27114
https://access.redhat.com/security/cve/CVE-2026-49975
https://github.com/EQSTLab/CVE-2026-49975
https://access.redhat.com/errata/RHSA-2026:36831
https://access.redhat.com/errata/RHSA-2026:36846