Author Topic: HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare (Read 48 times)

Starburst · « **on:** June 03, 2026, 02:33:34 PM »

https://cybersecuritynews.com/http-2-bomb-remote-dos-exploit/

If you are running Apache <2.4.67 or Nginx <1.29.7, Please update ASAP.

overseer · « **Reply #1 on:** **Today** at 03:42:10 AM »

Maybe that's what hit our datacenter last Sunday afternoon/evening. Knocked everything out for hours with a major DDoS.

kandalf · « **Reply #2 on:** **Today** at 08:19:37 AM »

F*ck CWP use all major services with outdated versions. It's incredible.

ghoste · « **Reply #3 on:** **Today** at 11:43:49 AM »

Hello admins, only if someone screams and threatens, one step forward and of course 2 back, it seems that cwp advances like this, 1 forward 2 back. Even now the cwp installation script has not been corrected, still with the outdated packages and services to install. So that after installation you have to update Apache, Roundcube, Nginx, MariaDB, PhP ... so on ... Who is the admin of this forum and if he is from the CWP team, can he tell here what is the status of the new version (which comes with a never-before-seen interface) and the changelog of the latest versions?

"If you are running Apache <2.4.67 or Nginx <1.29.7, Please update ASAP."
Starburst - and what are the correct steps to update Apache - without breaking anything in cwp?
Same for NGINX, same for Roundcube! MariaDB?

I've been watching the HestiaCP forum these days, incredible, a problem appeared, you automatically have a solution .... here even when I open a ticket, for paid servers with a license, you get a response like "I'm sick of you".

Too bad, if the team was more serious, cwp would be an incredible control panel!

overseer · « **Reply #4 on:** **Today** at 11:57:05 AM »

Here's Starburst's guide for updating Apache:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-apache-to-2-4-67-in-cwp-on-almalinux-8-9/

Roundcube:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-roundcube-webmail-to-version-1-5-15-in-cwp-on-almalinux-8-9/

MariaDB:
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-with-cwp-on-almalinux-9/

Nginx:

Quote from: overseer on May 17, 2026, 03:18:24 AM

Successfully updated to nginx 1.31.0 by following Sandeep's guide (choose the mainline version, not stable):
https://www.alphagnu.com/topic/55-how-to-install-latest-stablemainline-nginx-in-cwp-centos-89-stream-almalinux-89-rockylinux-89/
but for the actual install line you have to ignore system excludes:
Code: [Select]
dnf install --disableexcludes=all --disableplugin="*" nginx -y

Control Web Panel

Author Topic: HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare (Read 48 times)

HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare

Re: HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare

Re: HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare

Re: HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare

Re: update software