The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27316 advisory.

  - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an     informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Azure Linux 3.0 Security Update: httpd (CVE-2024-27316)

high Nessus Plugin ID 215249

No changelogs found