CVE-2018-11763 vulnerability in Apache and Other Products
Published on September 25, 2018
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames, a client can occupy a connection, a server thread and CPU time without any connection timeout taking effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Products Associated with CVE-2018-11763
Affected Versions
Apache Software Foundation Apache HTTP Server versions 2.4.17 to 2.4.34 are affected by CVE-2018-11763.
Exploit Probability
EPSS: 17.40%
Percentile: 94.92%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.