Description
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Remediation
References
Related Vulnerabilities
WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)
WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4360)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.5)