- Description
- Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- http_server, nginx, debian_linux
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-789
- Hype score
- Not currently trending
Updated the SIOS Security Blog. Apache vulnerabilities (Moderate: CVE-2026-34355, CVE-2026-42535, CVE-2026-43951, CVE-2026-44119, CVE-2026-44186, CVE-2026-49975, Low: multiple) and the 2.4.68 release #sios_tech #security #vulnerability #セキュリティ #脆弱
@omokazuki
9 Jun 2026
#threatreport #LowCompleteness Codex Discovered a Hidden HTTP/2 Bomb | 03-06-2026 Source: https://t.co/iJtoMISHg7 Key details below ↓ 💀Threats: Slowloris_technique, 🎯Victims: Web servers, Apache httpd, Envoy, Nginx, Iis, Pingora 🏭Industry: Transport 🔓CVEs: CVE-2
@rst_cloud
8 Jun 2026
Top 5 Trending CVEs: 1 - CVE-2018-17144 2 - CVE-2026-46243 3 - CVE-2026-49975 4 - CVE-2025-49113 5 - CVE-2026-28318 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
7 Jun 2026
Since an SB has been published, I guess the update is still going to take a while... // RHSB-2026-007 HTTP/2 HPACK Denial of Service - httpd, nginx, Envoy (CVE-2026-49975, CVE-2026-47774) - "HTTP/2 Bomb" | Red Hat Customer Portal https://t.co/rTVi57F2Xq
@w4yh
7 Jun 2026
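[Subjective: latest incident trends] Rental server hosting services are also being attacked. Check the types of logs and the backup procedures yourself rather than leaving them to the provider. ・NGINX/Apache HTTP/2 Bomb (CVE-2026-49975) ・cPanel/WHM (CVE-2026-4194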
@shunyat1031
6 Jun 2026
Slackware 15.0 released fixed net-tools and httpd packages addressing CVE-2026-154 stack-based buffer overflow and CVE-2026-49975 HTTP/2 DoS "HTTP/2 Bomb", Linuxsecurity reported. https://t.co/mKFtz5UhJr
@threatcluster
4 Jun 2026
A mod_http2 update has arrived for CVE-2025-53020 (Moderate: 5.3); I wonder if this is the one? < CVE-2026-49975 // CVE-2025-53020 https://t.co/Mi7Jo3wIp8
@w4yh
4 Jun 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DD819875-456D-45A6-90C9-4EDA544029A4",
            "versionEndExcluding": "2.4.68",
            "versionStartIncluding": "2.4.17",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E4C30BEE-3999-49BA-B96B-127E0BE9E954",
            "versionEndExcluding": "1.29.8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]