Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302)
Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-1333)
Gal Goldshtein discovered that the Apache HTTP Server HTTP/2 module incorrectly handled large SETTINGS frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. (CVE-2018-11763)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-bin" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-data" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-dbg" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-dev" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-doc" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-ssl-dev" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-suexec-custom" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-suexec-pristine" }, { "binary_version": "2.4.29-1ubuntu4.4", "binary_name": "apache2-utils" } ] }