CVE-2016-1546

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.17 through 2.4.18

Description The issue is related to resource management errors in the Apache HTTP Server. It allows a remote attacker to cause a denial of service by modifying flow-control windows, leading to a stream-processing outage. This is achieved by manipulating the flow control windows on streams, which can block server threads for extended periods, causing starvation of worker threads. Although new connections can still be opened, no streams are processed for these connections.

Recommendations For Apache HTTP Server versions 2.4.17 and 2.4.18, consider disabling the mod http2 module as a temporary workaround to prevent exploitation until a patch is available. Restrict access to HTTP/2 connections to minimize the risk of denial of service attacks.