Description
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Remediation
References
Related Vulnerabilities
qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)
WebLogic CVE-2020-2550 Vulnerability (CVE-2020-2550)
WordPress Plugin Print, PDF, Email by PrintFriendly Multiple Unspecified Vulnerabilities (3.5.2)
WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)
WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7)