A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
{ "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "severity": "High" }