Severity: low Affected versions:
- Apache HTTP Server 2.4.55 through 2.4.59 Description: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. Credit: Marc Stern (<marc.stern approach.be>) (finder) References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-36387 Timeline: 2024-05-27: fixed in r1918003 in trunk
