Back to search
CVE-2017-9789
Published: Jul 13, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected 2.4.26 |
References
[announce] 20170713 CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
mailing-list
x_refsource_MLIST
https://support.apple.com/HT208221
x_refsource_CONFIRM
99568
vdb-entry
x_refsource_BID
https://security.netapp.com/advisory/ntap-20170911-0002/
x_refsource_CONFIRM
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
GLSA-201710-32
vendor-advisory
x_refsource_GENTOO
1038907
vdb-entry
x_refsource_SECTRACK
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now