CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Severity: Low Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.17 to 2.4.37 Description: By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections in Apache HTTP Server versions 2.4.37 and prior. Mitigation: All httpd users deploying mod_http2 should upgrade to 2.4.38 or later. Credit: The issue was discovered by Gal Goldshtein of F5 Networks. References: https://httpd.apache.org/security/vulnerabilities_24.html