FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache -- Denial of service vulnerability in HTTP/2

Affected packages
apache24 < 2.4.35

Details

VuXML ID e182c076-c189-11e8-a6d2-b499baebfeaf
Discovery 2018-09-25
Entry 2018-09-26

The Apache httpd project reports:

low: DoS for HTTP/2 connections by continuous SETTINGS

By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has enabled the h2 protocol.

References

CVE Name CVE-2018-11763
URL http://httpd.apache.org/security/vulnerabilities_24.html
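
A triage check for the two conditions this entry gives (apache24 older than 2.4.35, and the h2 protocol enabled), as an added example that is not part of the VuXML entry or of Apache's advisory. The function names and the sample configuration are constructed; treating `h2c` in a `Protocols` directive as HTTP/2 being enabled is an assumption, and `Include`d files are not followed.

```python
import re

FIXED = (2, 4, 35)  # first apache24 version outside the affected range in this entry


def parse_pkg_version(version):
    """Return the upstream version of a FreeBSD package version as an int tuple.

    Drops the port revision (_N) and epoch (,N) suffixes, e.g. '2.4.34_1,1'.
    """
    upstream = re.split(r"[_,]", version.strip(), maxsplit=1)[0]
    return tuple(int(part) for part in upstream.split("."))


def h2_enabled(config_text):
    """True if any active Protocols directive lists h2 (or h2c, by assumption).

    Conservative: a match in any server or virtual host context counts, and
    whether mod_http2 is actually loaded is not checked.
    """
    for raw in config_text.splitlines():
        tokens = raw.split()
        # httpd treats a line as a comment only when '#' is its first character
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0].lower() == "protocols":
            if {"h2", "h2c"} & {t.lower() for t in tokens[1:]}:
                return True
    return False


def exposed(pkg_version, config_text):
    """True when both conditions from the entry hold."""
    return parse_pkg_version(pkg_version) < FIXED and h2_enabled(config_text)


# Constructed sample configuration, not taken from any real host
SAMPLE_CONF = """\
# Protocols http/1.1
<VirtualHost *:443>
    ServerName www.example.org
    Protocols h2 http/1.1
</VirtualHost>
"""

if __name__ == "__main__":
    for ver in ("2.4.34_1", "2.4.9", "2.4.35"):
        print(ver, "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```

The installed version string can be taken from `pkg query %v apache24`; versions are compared as integer tuples so that 2.4.9 sorts below 2.4.35.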