Apache 2.4.x < 2.4.35 DoS
Medium Nessus Plugin ID 117807
Synopsis
The remote web server is affected by a denial of service vulnerability.

Description
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.35. It is, therefore, affected by the following vulnerability:
- By sending continuous SETTINGS frames of maximum size, an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has enabled the h2 protocol.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution
Upgrade to Apache version 2.4.35 or later.