Описание
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.34-1 | package | |
| apache2 | fixed | 2.4.25-3+deb9u6 | stretch | package |
| apache2 | not-affected | jessie | package |
Примечания
Affects 2.4.18-2.4.33
HTTP/2 support introduced in 2.4.17
https://www.openwall.com/lists/oss-security/2018/07/18/1
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
EPSS
Связанные уязвимости
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
EPSS