Description

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Remediation

References

CVE-2019-10082

Related Vulnerabilities

WordPress Plugin Sell Media Cross-Site Scripting (2.4.1)

WordPress Plugin Woocommerce Payment Gateway per Category Cross-Site Scripting (2.0.10)

WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29046)

Severity

Critical

Classification

CVE-2019-10082 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities