Description
In Apache HTTP Server 2.4.17 to 2.4.34, a client that sends continuous, large SETTINGS frames can occupy a connection, a server thread and CPU time without any connection timeout taking effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
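A way to check a host against the description above, as an added example that is not part of the original advisory: it reads the version from a banner and looks for `Protocols` directives that enable HTTP/2. The function names and sample input are constructed for illustration; it assumes mod_http2 is loaded and does not follow `Include` files or line continuations.

```python
import re

AFFECTED_MIN = (2, 4, 17)   # range taken from the description above
AFFECTED_MAX = (2, 4, 34)
HTTP2_NAMES = ("h2", "h2c")  # h2 = HTTP/2 over TLS, h2c = HTTP/2 cleartext


def parse_version(banner):
    """Extract (major, minor, patch) from an `httpd -v` line or Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in %r" % banner)
    return tuple(int(x) for x in m.groups())


def http2_protocols(config_text):
    """Return the HTTP/2 protocol names enabled by any Protocols directive."""
    enabled = set()
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        # The \s+ after the name keeps ProtocolsHonorOrder from matching.
        m = re.match(r"protocols\s+(.*)", line, flags=re.IGNORECASE)
        if m:
            names = [p.lower() for p in m.group(1).split()]
            enabled.update(p for p in names if p in HTTP2_NAMES)
    return enabled  # empty when only the default (http/1.1) applies


def assess(banner, config_text):
    """Combine the version range and the HTTP/2 setting into one verdict."""
    version = parse_version(banner)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    h2 = http2_protocols(config_text)
    return {"version": version, "in_affected_range": in_range,
            "http2_enabled": sorted(h2), "exposed": in_range and bool(h2)}


# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.29 (Ubuntu)"
SAMPLE_CONFIG = """\
# Protocols h2 http/1.1
ProtocolsHonorOrder On
<VirtualHost *:443>
    Protocols h2 http/1.1
</VirtualHost>
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Distribution packages may carry a backported fix without changing the version string, so an in-range result is a prompt to check the vendor's advisory rather than proof of exposure.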
Remediation
References