Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive header length
References
| Link | Resource |
|---|---|
| https://lists.apache.org/thread/zmxh1pl2zohov5ntdh4lt85gfrlchgpy | Mailing List Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2026/07/01/4 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Jul 2026, 12:53
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:a:apache:httpcomponents_core:*:*:*:*:*:*:*:* cpe:2.3:a:apache:httpcomponents_core:5.5:beta1:*:*:*:*:*:* cpe:2.3:a:apache:httpcomponents_core:5.5:alpha1:*:*:*:*:*:* |
|
| First Time |
Apache httpcomponents Core
Apache |
|
| References | () https://lists.apache.org/thread/zmxh1pl2zohov5ntdh4lt85gfrlchgpy - Mailing List, Vendor Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2026/07/01/4 - Mailing List, Third Party Advisory |
01 Jul 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
01 Jul 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-01 17:16
Updated : 2026-07-06 12:53
NVD link : CVE-2026-54399
Mitre link : CVE-2026-54399
CVE.ORG link : CVE-2026-54399
JSON object : View
Products Affected
apache
- httpcomponents_core
CWE
