HTTP/2 WebSocket Protocol Vulnerability Could Lead to Server Crash and Degraded Performance
CVE-2024-36387
Currently unrated 🤨
Summary
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Affected Version(s)
Apache HTTP Server <= 2.4.59
Timeline
Vulnerability published.
fixed in r1918003 in trunk
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Marc Stern (<[email protected]>)