In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.17 (including) | 2.4.34 (including) |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-0:1-6.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-0:1-6.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7 | * |
| Red Hat JBoss Core Services 1 | RedHat | httpd | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-curl-0:7.61.1-1.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.34-7.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-nghttp2-0:1.7.1-7.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-curl-0:7.61.1-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-httpd-0:2.4.34-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-nghttp2-0:1.7.1-7.el7 | * |
| Apache2 | Ubuntu | bionic | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | upstream | * |