Arch Linux
Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download
issues
advisories
todo
stats
log
login
ASA-201901-14 - log
back
ASA-201901-14
created
at 25 Sep 2019 19:32:14
Workaround
+
- CVE-2018-17189
+
+
Disable the h2 protocol.
Impact
+
An attacker is able to crash the Apache server by sending maliciously- crafted h2 requests and SSL handshakes. In addition, an attacker is able to reuse an expired session.