FreeBSD : Apache -- Denial of service vulnerability in HTTP/2 (e182c076-c189-11e8-a6d2-b499baebfeaf)
Medium Nessus Plugin ID 117724
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Apache httpd project reports :
low: DoS for HTTP/2 connections by continuous SETTINGS
By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol.
SolutionUpdate the affected package.