|Title:||Apache HTTPD HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Windows)|
|Summary:||This host is running Apache HTTP Server; and is prone to denial-of-service vulnerability|
This host is running Apache HTTP Server
and is prone to denial-of-service vulnerability
The flaw is due to an improper processing of
specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection
to cause the target service to fail to timeout.
Successful exploitation will allow remote
attackers to cause a denial of service (DoS) condition on a targeted system.
Apache HTTP Server versions 2.4.34, 2.4.33,
2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18.
Upgrade to Apache HTTP Server 2.4.35 or
later. For updates refer to Reference links.
Common Vulnerability Exposure (CVE) ID: CVE-2018-11763|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.