HTTP/2 CONTINUATION affects Apache 2.4.58 (and others) CVE-2024-27316
https://kb.cert.org/vuls/id/421644
https://downloads.apache.org/httpd/CHANGES_2.4.59
Hoping that 2.4.59 is coming shortly?
-
I confirmed the team is working on this right now as part of case EA-12069, so it should get released soon!
3 -
Hey there! I'm not finding much about 2.4.59 on my end at this point, but I've reached out to the team and I'll let you know what they have to say tomorrow.
1 -
We're releasing an update for this later today!
1 -
https://httpd.apache.org/security/vulnerabilities_24.html
and 2.4.59 is released: https://httpd.apache.org/download.cgi
0 -
Rex,
Apache 2.4.59 just dropped yesterday, coinciding with the timing of the detailed exploit release:
https://downloads.apache.org/httpd/Announcement2.4.html
(sadly a generic page/URL but dated April 4th 2024)
https://httpd.apache.org/security/vulnerabilities_24.html
Details:
https://nowotarski.info/http2-continuation-flood/
https://nowotarski.info/http2-continuation-flood-technical-details/
0 -
Thank you =)
0