[3.7] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199)| ID: oval:org.secpod.oval:def:1801294 | Date: (C)2019-01-29 (M)2024-01-29 |
| Class: PATCH | Family: unix |
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Fixed In Version:¶ Apache 2.4.38
| Platform: |
| Alpine Linux 3.7 |
