HTTP/2 Request Worker Exhaustion Vulnerability

HTTP/2 Request Worker Exhaustion Vulnerability

CVE-2018-1333 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Learn more about our Cis Benchmark Audit For Apache Http Server.