/

CVE-2023-45802 Report - Details, Severity, & Advisorie...

CVE-2023-45802 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-45802?

CVE-2023-45802 is a moderate-severity vulnerability affecting certain versions of the Apache HTTP Server and Fedora 38. This issue occurs when a client resets an HTTP/2 stream, causing memory resources to not be reclaimed immediately, potentially leading to memory exhaustion. Systems using HTTP/2 with vulnerable versions of Apache HTTP Server and Fedora 38 systems with the mod_http2 package are at risk. It is important to update your systems to mitigate this vulnerability and protect your resources.

Who is impacted by CVE-2023-45802?

Users of the Apache HTTP Server (versions up to 2.4.58) and Fedora 38 systems with the mod_http2 package are affected by CVE-2023-45802. This vulnerability can cause memory issues when a client sends new requests and resets, keeping the connection busy and open, which leads to a growing memory footprint. Users should be aware of this issue and consider updating their systems to mitigate the vulnerability.

What to do if CVE-2023-45802 affected you

If you're affected by the CVE-2023-45802 vulnerability, it's crucial to take action to protect your system. Follow these steps:

  1. Upgrade to the latest version of Apache HTTP Server or mod_http2 for Fedora 38.

  2. Regularly check for updates and security advisories from Apache and Fedora.

  3. Consider additional security measures if an immediate upgrade isn't possible.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-45802 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects certain versions of the Apache HTTP Server and Fedora 37 systems with the mod\_http2 package installed. To address this vulnerability, users should upgrade to Apache HTTP Server version 2.4.58 or mod\_http2 version 2.0.25 for Fedora 37.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-400, which involves uncontrolled resource consumption issues.

Learn More

CVE-2023-45802 is a notable vulnerability affecting Apache HTTP Server and Fedora 37 systems with mod\_http2. To better understand its impact and mitigation strategies, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-45802 Report - Details, Severity, & Advisorie...

CVE-2023-45802 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-45802?

CVE-2023-45802 is a moderate-severity vulnerability affecting certain versions of the Apache HTTP Server and Fedora 38. This issue occurs when a client resets an HTTP/2 stream, causing memory resources to not be reclaimed immediately, potentially leading to memory exhaustion. Systems using HTTP/2 with vulnerable versions of Apache HTTP Server and Fedora 38 systems with the mod_http2 package are at risk. It is important to update your systems to mitigate this vulnerability and protect your resources.

Who is impacted by CVE-2023-45802?

Users of the Apache HTTP Server (versions up to 2.4.58) and Fedora 38 systems with the mod_http2 package are affected by CVE-2023-45802. This vulnerability can cause memory issues when a client sends new requests and resets, keeping the connection busy and open, which leads to a growing memory footprint. Users should be aware of this issue and consider updating their systems to mitigate the vulnerability.

What to do if CVE-2023-45802 affected you

If you're affected by the CVE-2023-45802 vulnerability, it's crucial to take action to protect your system. Follow these steps:

  1. Upgrade to the latest version of Apache HTTP Server or mod_http2 for Fedora 38.

  2. Regularly check for updates and security advisories from Apache and Fedora.

  3. Consider additional security measures if an immediate upgrade isn't possible.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-45802 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects certain versions of the Apache HTTP Server and Fedora 37 systems with the mod\_http2 package installed. To address this vulnerability, users should upgrade to Apache HTTP Server version 2.4.58 or mod\_http2 version 2.0.25 for Fedora 37.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-400, which involves uncontrolled resource consumption issues.

Learn More

CVE-2023-45802 is a notable vulnerability affecting Apache HTTP Server and Fedora 37 systems with mod\_http2. To better understand its impact and mitigation strategies, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-45802 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-45802?

CVE-2023-45802 is a moderate-severity vulnerability affecting certain versions of the Apache HTTP Server and Fedora 38. This issue occurs when a client resets an HTTP/2 stream, causing memory resources to not be reclaimed immediately, potentially leading to memory exhaustion. Systems using HTTP/2 with vulnerable versions of Apache HTTP Server and Fedora 38 systems with the mod_http2 package are at risk. It is important to update your systems to mitigate this vulnerability and protect your resources.

Who is impacted by CVE-2023-45802?

Users of the Apache HTTP Server (versions up to 2.4.58) and Fedora 38 systems with the mod_http2 package are affected by CVE-2023-45802. This vulnerability can cause memory issues when a client sends new requests and resets, keeping the connection busy and open, which leads to a growing memory footprint. Users should be aware of this issue and consider updating their systems to mitigate the vulnerability.

What to do if CVE-2023-45802 affected you

If you're affected by the CVE-2023-45802 vulnerability, it's crucial to take action to protect your system. Follow these steps:

  1. Upgrade to the latest version of Apache HTTP Server or mod_http2 for Fedora 38.

  2. Regularly check for updates and security advisories from Apache and Fedora.

  3. Consider additional security measures if an immediate upgrade isn't possible.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-45802 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects certain versions of the Apache HTTP Server and Fedora 37 systems with the mod\_http2 package installed. To address this vulnerability, users should upgrade to Apache HTTP Server version 2.4.58 or mod\_http2 version 2.0.25 for Fedora 37.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-400, which involves uncontrolled resource consumption issues.

Learn More

CVE-2023-45802 is a notable vulnerability affecting Apache HTTP Server and Fedora 37 systems with mod\_http2. To better understand its impact and mitigation strategies, refer to the NVD page and the sources listed below.