Description

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

Remediation

References

CVE-2018-17189

Related Vulnerabilities

Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)

Oracle Database Server CVE-2009-1995 Vulnerability (CVE-2009-1995)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)

WordPress Plugin MyThemeShop Theme/Plugin Updater Cross-Site Scripting (1.2.3)

Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540)

Severity

Medium

Classification

CVE-2018-17189 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities