Description
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)
WordPress Plugin WP DoNotTrack Cross-Site Scripting (0.8.8)
Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7874)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4415)