Description
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Remediation
References
Related Vulnerabilities
WordPress Plugin BizLibrary Cross-Site Scripting (1.1)
WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)
Internet Information Services Other Vulnerability (CVE-2003-0718)
MySQL CVE-2018-3063 Vulnerability (CVE-2018-3063)
WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)