VDB
CVE-2016-1546
CVE-2016-1546
PUBLISHED
Reported by certcc · Published July 6, 2016
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Jul 6, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Jul 19, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Jan 29, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Apr 12, 2025 CVE Updated
- May 1, 2025 EPSS Score
- May 15, 2025 EPSS Score
- May 30, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
References
- 92331 vdb-entryx_refsource_BID
- x_refsource_CONFIRM
- GLSA-201610-02 vendor-advisoryx_refsource_GENTOO
- RHSA-2017:1161 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-listx_refsource_MLIST
…and 1 more