Description
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advance Menu Manager Security Bypass (3.0)
ReviveAdserver Session Fixation Vulnerability (CVE-2016-9125)
WordPress 6.2.x Cross-Site Scripting (6.2 - 6.2.4)
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.8)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)