The vulnerability of the Apache HTTP Server web server, related to blocking HTTP/2 connection processing, allows a attacker to cause a service failure.

The vulnerability of the Apache HTTP Server is related to the blocking of HTTP/2 connection processing, if the initial window size is set to 0. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

AZL-43639 CVE-2023-43622 affecting package mod_http2 1.15.14-2

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

AZL-44955 CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...