[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.5] apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)

ID: oval:org.secpod.oval:def:1801219Date: (C)2018-10-30   (M)2024-01-29
Class: PATCHFamily: unix




In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Fixed in Version:¶ Apache 2.4.35

Platform:
Alpine Linux 3.5
Product:
apache2
Reference:
9581
CVE-2018-11763
CVE    1
CVE-2018-11763
CPE    2
cpe:/a:apache:apache2
cpe:/o:alpinelinux:alpine_linux:3.5

© SecPod Technologies