[3.7] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199)ID: oval:org.secpod.oval:def:1801294 | Date: (C)2019-01-29 (M)2024-05-06 |
Class: PATCH | Family: unix |
CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies¶ By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Fixed In Version:¶ Apache 2.4.38
Platform: |
Alpine Linux 3.7 |