Description
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Remediation
References
Related Vulnerabilities
WordPress Plugin SpiderCatalog SQL Injection (1.7.3)
WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.14)
WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8)
WordPress Plugin HTML5 Maps Cross-Site Request Forgery (1.6.5.6)