Back to bug 1401528

Who When What Removed Added
Norman Sardella 2016-12-05 14:07:19 UTC CC sardella
Adam Mariš 2016-12-05 14:09:08 UTC Fixed In Version httpd 2.4.23 httpd 2.4.24
Whiteboard impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Adam Mariš 2016-12-05 14:10:28 UTC Depends On 1401530
Adam Mariš 2016-12-05 14:12:14 UTC Blocks 1401531
Doran Moppert 2016-12-15 07:09:58 UTC Whiteboard impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Doran Moppert 2016-12-16 04:04:34 UTC Whiteboard impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Doran Moppert 2016-12-16 04:04:48 UTC Severity medium low
Doran Moppert 2016-12-16 04:05:02 UTC Priority medium low
Doran Moppert 2016-12-16 04:11:22 UTC Doc Text A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash.
Doran Moppert 2016-12-16 04:16:01 UTC CC dmoppert
Doran Moppert 2016-12-16 04:17:25 UTC Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Doran Moppert 2016-12-16 04:20:59 UTC Status NEW CLOSED
Resolution --- WONTFIX
Last Closed 2016-12-15 23:20:59 UTC
Andrej Nemec 2016-12-19 07:30:40 UTC Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Doran Moppert 2016-12-20 00:23:48 UTC Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Timothy Walsh 2016-12-20 13:51:08 UTC Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Timothy Walsh 2016-12-20 13:55:22 UTC Status CLOSED MODIFIED
Resolution WONTFIX ---
Keywords Reopened
Huzaifa S. Sidhpurwala 2017-01-03 08:38:43 UTC Blocks 1406828
Tomas Hoger 2017-02-20 13:28:30 UTC Status MODIFIED NEW
Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected
Tomas Hoger 2017-02-21 13:42:52 UTC Depends On 1425463
Tomas Hoger 2017-04-26 14:06:47 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-12-15 23:20:59 UTC 2017-04-26 10:06:47 UTC
Timothy Walsh 2017-06-02 11:02:17 UTC Blocks 1457678
Product Security DevOps Team 2019-09-29 14:01:53 UTC Whiteboard impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected

Back to bug 1401528