Vulnerabilities

CVE-2018-11763

by Fred · 25/09/2018

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Date published : 2018-09-25

http://www.securityfocus.com/bid/105414

https://httpd.apache.org/security/vulnerabilities_24.html

Similar

Tags: Cybersecurity Alert