BSA-2018-710
21671
26 September 2018
26 September 2018
Closed
High
7.5
N/A
CVE-2018-11763
Summary
Security Advisory ID : BSA-2018-710
Component : Apache HTTPD
Revision : 1.0: Final
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Semptember 25, 2018 |