Home CVE Database CVE-2018-11763

CVE-2018-11763

Description

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Priority: MEDIUM
CVSS v3: 5.9
Publish Date: Sep 25, 2018
Related ID: --
CVSS v2: MEDIUM
Modified Date: Oct 4, 2018

Find out more about CVE-2018-11763 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-4789
10.17.41.13 Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux 9 Investigate LIN9-7553
-- --
Wind River Linux 8 Not Vulnerable -- -- --
Wind River Linux LTS 18 Vulnerable LIN1018-2616
-- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

apache

Live chat
Online