The worker process of H2O may crash (and automatically respawned depending on the configuration) while the reverse proxy module tries to forward a huge HTTP request body to the upstream server using HTTPS.
The crash disrupts other requests in-flight, and therefore is being classified as a DoS vulnerability.
Affected systems: H2O up to version 2.2.2, used as a reverse proxy that connects to the origin server using HTTPS.
Resolution: upgrade to 2.2.3.
The text was updated successfully, but these errors were encountered: