CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

Open Source Security 

Posted by Stefan Eissing on Oct 19

Severity: low

Affected versions:

– Apache HTTP Server 2.4.55 through 2.4.57

Description:

An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block handling of that
connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to
the well-known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connections are…
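
As an added example (not part of the advisory or of Apache's code), the following reads the initial window size a client announces in its first SETTINGS frame, taken from a cleartext or already-decrypted HTTP/2 capture, so that zero-window clients can be flagged for review. The frame layout and constants are from RFC 9113; the function names and sample bytes are constructed for illustration.

```python
import struct

# Constants from RFC 9113 (HTTP/2); not taken from the advisory.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
FRAME_SETTINGS, FLAG_ACK = 0x4, 0x1
SETTINGS_INITIAL_WINDOW_SIZE = 0x4
DEFAULT_INITIAL_WINDOW = 65535  # in effect when the setting is absent

# Constructed samples: client preface followed by one 6-byte SETTINGS frame.
SAMPLE_ZERO = PREFACE + bytes.fromhex("000006040000000000" "000400000000")
SAMPLE_DEFAULT = PREFACE + bytes.fromhex("000006040000000000" "000300000064")


def client_initial_window(data: bytes) -> int:
    """Return the initial window size announced in the first SETTINGS frame."""
    if data.startswith(PREFACE):
        data = data[len(PREFACE):]
    if len(data) < 9:
        raise ValueError("truncated frame header")
    # Frame header: 24-bit length, 8-bit type, 8-bit flags, R bit + 31-bit stream id.
    len_hi, len_lo, ftype, flags, stream = struct.unpack(">BHBBI", data[:9])
    length = (len_hi << 16) | len_lo
    stream &= 0x7FFFFFFF  # drop the reserved bit
    if ftype != FRAME_SETTINGS or flags & FLAG_ACK or stream != 0:
        raise ValueError("first frame is not a connection-level SETTINGS frame")
    payload = data[9:9 + length]
    if len(payload) != length or length % 6:
        raise ValueError("malformed SETTINGS payload")
    window = DEFAULT_INITIAL_WINDOW
    # Each setting is a 16-bit identifier followed by a 32-bit value.
    for off in range(0, length, 6):
        ident, value = struct.unpack(">HI", payload[off:off + 6])
        if ident == SETTINGS_INITIAL_WINDOW_SIZE:
            window = value  # settings are processed in order, so the last one wins
    return window


def is_zero_window_client(data: bytes) -> bool:
    # A zero window is legal HTTP/2, so this is a signal to correlate with
    # connections that keep a worker busy without progress, not a verdict.
    return client_initial_window(data) == 0
```
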