Noam Mazor

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.17 through 2.4.18 **Description** The issue is related to resource management errors in the Apache HTTP Server. It allows a remote attacker to cause a denial of service by modifying flow-control windows, leading to a stream-processing outage. This is achieved by manipulating the flow control windows on streams, which can block server threads for extended periods, causing starvation of worker threads. Although new connections can still be opened, no streams are processed for these connections. **Recommendations** For Apache HTTP Server versions 2.4.17 and 2.4.18, consider disabling the mod http2 module as a temporary workaround to prevent exploitation until a patch is available. Restrict access to HTTP/2 connections to minimize the risk of denial of service attacks.

**Nome do software vulnerável e versões afetadas: Versões do nghttp2 anteriores à 1.7.1 Descrição: A vulnerabilidade permite que invasores remotos provoquem uma negação de serviço, resultando em esgotamento de memória. Recomendações: Para versões anteriores à 1.7.1, atualize para a versão 1.7.1 ou posterior para resolver o problema.