Description
The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.
Remediation
References
Related Vulnerabilities
WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.4.1)
WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)
WordPress Plugin WP Whois Domain Cross-Site Scripting (1.0.0)
WordPress Plugin Admin Bar User Switching Cross-Site Scripting (1.0.4)