Description

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Remediation

References

CVE-2018-11763

Related Vulnerabilities

WordPress Plugin Elementor Website Builder Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)

WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)

Plone CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7939)

WordPress Plugin No Follow All External Links Spam Injection (2.3.0)

Severity

Medium

Classification

CVE-2018-11763 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities