Description
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin Print-O-Matic Cross-Site Scripting (2.0.2)
WordPress Plugin Testimonial Slider Multiple Cross-Site Scripting Vulnerabilities (1.2.5)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)
Perl Integer Overflow or Wraparound Vulnerability (CVE-2020-10878)
Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2014-7143)