NuytsTech Security

CVE-2018-17189

by ·

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Date published : 2019-01-30

http://www.securityfocus.com/bid/106685

https://seclists.org/bugtraq/2019/Apr/5

Tags: