cpe:/a:h2o_project:h2o:1.6.1 cpe:/a:h2o_project:h2o:1.7.0:beta2 cpe:/a:h2o_project:h2o:1.7.2 cpe:/a:h2o_project:h2o:2.0.0:beta4 cpe:/a:h2o_project:h2o:2.0.3 cpe:/a:h2o_project:h2o:2.1.0:beta2 CVE-2017-10868 2017-12-22T09:29:12.487-05:00 2018-01-04T15:10:26.923-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2018-01-03T14:32:03.970-05:00 JVN JVN#84182676 CONFIRM https://github.com/h2o/h2o/issues/1459 H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.