HTTP/2 WebSocket Protocol Vulnerability Could Lead to Server Crash and Degraded Performance

CVE-2024-36387

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 1 July 2024

Summary

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Affected Version(s)

Apache HTTP Server <= 2.4.59

Timeline

Vulnerability published.
Jul 1, 2024
fixed in r1918003 in trunk
May 27, 2024
Vulnerability Reserved.
May 27, 2024

Collectors

NVD DatabaseMitre Database

Credit

Marc Stern (<[email protected]>)

.