CVE-2018-11763 in Retail Xstore Point of Serviceinfo

Summary

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/05/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
133729Oracle Retail Xstore Point of Service Xstore Office denial of service404Not definedOfficial fixCVE-2018-11763
133728Oracle Retail Xstore Point of Service Apache HTTP Server denial of service404Not definedOfficial fixCVE-2018-11763
133643Oracle Hospitality Guest Access Apache HTTP Server denial of service404Not definedOfficial fixCVE-2018-11763
133563Oracle Enterprise Manager Ops Center Networking denial of service404Not definedOfficial fixCVE-2018-11763
133520Oracle Instantis EnterpriseTrack Apache HTTP Server denial of service404Not definedOfficial fixCVE-2018-11763
129717Oracle Secure Global Desktop Apache HTTP Server input validation20Not definedOfficial fixCVE-2018-11763
124447Apache HTTP Server SETTINGS Frame input validation20Not definedOfficial fixCVE-2018-11763

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!