apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)| ID: oval:org.secpod.oval:def:1801927 | Date: (C)2021-08-02 (M)2024-04-03 |
| Class: PATCH | Family: unix |
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
| Platform: |
| Alpine Linux 3.10 |
| Alpine Linux 3.11 |
| Alpine Linux 3.12 |
| Alpine Linux 3.9 |
