Using fuzzed network input, the HTTP/2 session handling can be forced to read memory after it has been freed during connection shutdown. This can lead to crashes or potential information disclosure.

Summary

| Vulnerability | Impact | Module Affected |
| --- | --- | --- |
| CVE-2016-1546 | Server crash / Unresponsiveness | mod_http2 |
| CVE-2016-0736 | Cryptographic: Session decryption/modification | mod_session_crypto |
| CVE-2019-0211 | Privilege Escalation: Local code execution as root | mod_status |
| CVE-2019-10082 | Use-after-free: Potential memory corruption/crash | mod_http2 |

How to Secure Your Server
In Apache versions 2.4.17 through 2.4.18, the mod_cgid module failed to properly handle the termination of CGI scripts. The vulnerability allowed a remote attacker to cause a Denial of Service (DoS). Specifically, if a CGI script was killed or terminated abruptly, the module might fail to correctly close the pipe or socket connection to that script. This resulted in a "zombie" process or a resource leak that could eventually exhaust the server’s available process slots or file descriptors.
The only recommended permanent fix is to upgrade to the latest version (currently in the 2.4.6x range). If you cannot upgrade immediately, consider these temporary mitigations:
Apache HTTP Server version 2.4.18, released in late 2015, contains several documented vulnerabilities, the most notable being those related to the and resource exhaustion.

Key Vulnerabilities in Apache 2.4.18