Description
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)
PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)
osCommerce Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-27975)
WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)