Description
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Remediation
References
Related Vulnerabilities
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)
WordPress Plugin Download from files Arbitrary File Upload (1.48)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
WordPress Plugin WP Accurate Form Data Multiple Vulnerabilities (1.2)
WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)