11-26-2018 09:06 AM - edited 02-21-2020 08:30 AM
Hello!
During a vulnerability scan on my FTD 4120, I was provided with the below vulnerability to resolve. Can you tell me if 4120 has enabled the H2 protocol?
Vulnerability description:
Apache HTTPD: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has enabled the h2 protocol.
11-26-2018 10:24 AM
Hi,
Apache Remote Web Server is affected by multiple vulnerabilities on the FXOS Version 2.3(1.73)
CSCvj48872 it is fixed on the version 2.3(1.88) & 2.3(1.82)
Multiple Common Vulnerability and Exposures IDs: CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312
HTH
Abheesh
11-26-2018 11:40 AM
Thanks for the quick response Abheesh,
The FXOS version installed is 2.3(1.88) and I plan to upgrade to 2.3(1.56) soon.
The vulnerability has an Exposures ID of CVE-2018-11763 listed, which I didn't see listed below. If I am running FXOS 2.3(1.88) and the scan is still reporting the vulnerability, what should I do to resolve this, or should it be marked as a false positive?
Thanks for your help!
Chris
11-26-2018 12:49 PM