Description
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin HashBar-WordPress Notification Bar Cross-Site Scripting (1.3.5)
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)
Oracle Database Server CVE-2014-6467 Vulnerability (CVE-2014-6467)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
Oracle Application Server Other Vulnerability (CVE-2007-3862)