CVE-2018-17189

Priority
Description
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies
in a slow loris way to plain resources, the h2 stream for that request
unnecessarily occupied a server thread cleaning up that incoming data. This
affects only HTTP/2 (mod_http2) connections.
Notes
 leosilva> issue was introduced in 2.4.17
 mdeslaur> http2 is disabled in xenial
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not built)
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
More Information

Updated: 2019-01-31 03:14:24 UTC (commit 0162f64f06d53914efdc5f3bcc18e914a0624fdb)