Apache · Apache Http Server · CVE-2024-36387
Name of the Vulnerable Software and Affected Versions:
Apache HTTP Server (affected versions not specified)
Description:
The issue is related to serving WebSocket protocol upgrades over a HTTP/2 connection, which could result in a Null Pointer dereference. This can lead to a crash of the server process and degrade performance. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.