Description
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
Remediation
References
Related Vulnerabilities
Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)
CAC Featured Content TimThumb Arbitrary File Upload (0.8)
Spotlight Social Feeds [Block, Shortcode, and Widget] Security Bypass (0.10.1)