View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-17189 severity moderate: SUSE including 47 source package names (apache2, apache2-2.4.23-29.34.4, …), 110 product×package rows across 25 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 8, … (25 product lines)): Fixed 84, Known Not Affected 26.
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.