FreeBSD : Apache httpd -- multiple vulnerabilities (8b1a50ab-8a8e-11e8-add2-b499baebfeaf)
High Nessus Plugin ID 111177
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Apache project reports :
- DoS for HTTP/2 connections by crafted requests (CVE-2018-1333). By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. (low)
- mod_md, DoS via Coredumps on specially crafted requests (CVE-2018-8011). By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. (moderate)
SolutionUpdate the affected package.