Debian Bug report logs -
#909591
apache2: CVE-2018-11763: mod_http2, DoS via continuous SETTINGS frames
Package:
src:apache2;
Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 25 Sep 2018 19:00:02 UTC
Severity: im ...
Several security issues were fixed in the Apache HTTP Server ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update
Type/Severity
Security Advisory: Important
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Synopsis
Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP1 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...
Synopsis
Moderate: httpd24 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
In Apache HTTP Server 2417 to 2434, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect This affects only HTTP/2 connections A possible mitigation is to not enable the h2 protocol (CVE-2018-11763) ...
In Apache HTTP Server 2417 to 2434, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect This affects only HTTP/2 connections A possible mitigation is to not enable the h2 protocol(CVE-2018-11763) ...
In Apache HTTP Server, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect This affects only HTTP/2 connections A possible mitigation is to not enable the h2 protocol(CVE-2018-11763) ...
In Apache HTTP Server 2417 to 2434, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect This affects only HTTP/2 connections A possible mitigation is to not enable the h2 protocol ...
Tenablesc leverages third-party software to help provide underlying functionality Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers
Out of caution and in line with good practice, Tenable opted to upgrade the bun ...