05 June 2024 IBM i Security Alert: HTTP/2 protocol vulnerability (03/15/2024)

New vulnerability discovered in the IBM i HTTP Server (powered by Apache)!
This server is vulnerable to a denial-of-service attack caused by poor handling of multiplexed streams in the HTTP/2 protocol. HTTP/2 allows developers to customize the priority hierarchy, that is, the order in which Web resources are loaded.
Sending a large number of HTTP/2 requests and/or RST_STREAM frames across many streams could let a remote attacker cause a DoS through excessive resource consumption on the server.
Note also that several vendors are affected by this denial of service and that the flaw is rated CVSS 7.5. To prevent exploitation, correct the problem by applying the following PTFs (also listed, with more details, on the official support site: https://lnkd.in/ed58amn4 ).
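As an added illustration of what a defender can watch for (example code written for this alert, not part of IBM's fix or the original post): a minimal HTTP/2 frame parser that counts HEADERS and RST_STREAM frames from one connection and flags the open-then-cancel pattern described above. The frame layout follows RFC 7540; the sample byte streams and the thresholds (50 resets, 80% reset-to-request ratio) are constructed assumptions, not values from the alert.

```python
# HTTP/2 frame type codes (RFC 7540, section 6)
HEADERS = 0x1
RST_STREAM = 0x3
FRAME_HEADER_LEN = 9  # 24-bit length, 8-bit type, 8-bit flags, 32-bit stream id


def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) for each complete HTTP/2 frame.
    A truncated trailing frame ends iteration instead of raising."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        start = off + FRAME_HEADER_LEN
        if start + length > len(data):  # partial frame at end of capture
            break
        yield ftype, flags, stream_id, data[start:start + length]
        off = start + length


def reset_stats(data: bytes):
    """Return (headers_seen, resets_seen, distinct_streams_reset) for one connection."""
    headers, resets, reset_streams = 0, 0, set()
    for ftype, _flags, sid, _payload in parse_frames(data):
        if ftype == HEADERS:
            headers += 1
        elif ftype == RST_STREAM:
            resets += 1
            reset_streams.add(sid)
    return headers, resets, len(reset_streams)


def is_rapid_reset(data: bytes, min_resets: int = 50, ratio: float = 0.8) -> bool:
    """Flag a connection that cancels almost every stream it opens (assumed thresholds)."""
    headers, resets, _ = reset_stats(data)
    return resets >= min_resets and headers > 0 and resets / headers >= ratio


def frame(ftype: int, stream_id: int, payload: bytes = b"", flags: int = 0) -> bytes:
    """Build one HTTP/2 frame (used here only to construct sample input)."""
    return len(payload).to_bytes(3, "big") + bytes([ftype, flags]) + stream_id.to_bytes(4, "big") + payload


# Constructed samples: b"\x82" is the HPACK indexed field ":method: GET"; flags 0x5 =
# END_STREAM|END_HEADERS; error code 0x8 in RST_STREAM is CANCEL.
NORMAL = b"".join(frame(HEADERS, sid, b"\x82", 0x5) for sid in range(1, 21, 2))
ABUSIVE = b"".join(frame(HEADERS, sid, b"\x82", 0x5) + frame(RST_STREAM, sid, b"\x00\x00\x00\x08")
                   for sid in range(1, 201, 2))
```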
