CVE编号
CVE-2016-1546利用情况
暂无补丁情况
N/A披露时间
2016-07-07漏洞描述
Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器。Apache HTTP Server 2.4.17及2.4.18版本,启用mod_http2后,未限制单个HTTP/2连接的同步流工作数量,通过修改流控制窗口,远程攻击者可长时间阻止服务器线程,使工作线程互斥等待,造成拒绝服务。
解决建议
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.apache.org/dist/httpd/CHANGES_2.4
http://svn.apache.org/viewvc?view=revision&revision=1733727
http://httpd.apache.org/security/vulnerabilities_24.html
参考链接 |
|
|---|---|
| http://httpd.apache.org/security/vulnerabilities_24.html | |
| http://svn.apache.org/viewvc?view=revision&revision=1733727 | |
| http://www.apache.org/dist/httpd/CHANGES_2.4 | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | |
| http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html | |
| http://www.securityfocus.com/bid/92331 | |
| https://access.redhat.com/errata/RHSA-2017:1161 | |
| https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029... | |
| https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277... | |
| https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27... | |
| https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedee... | |
| https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f... | |
| https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fab... | |
| https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444a... | |
| https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef56... | |
| https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b957... | |
| https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f9... | |
| https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326... | |
| https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f... | |
| https://security.gentoo.org/glsa/201610-02 | |
| https://security.netapp.com/advisory/ntap-20180601-0001/ |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | http_server | 2.4.17 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | apache | http_server | 2.4.18 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian | DPKG | * |
Up to (excluding) 2.4.20-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12 | apache2 | * |
Up to (excluding) 2.4.23-14 |
|||||
- 攻击路径 网络
- 攻击复杂度 高
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
还没有评论,来说两句吧...