Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-31309HistoryApr 10, 2024 - 12:15 p.m.
CVE-2024-31309
2024-04-1012:15:09
Debian Security Bug Tracker
security-tracker.debian.org
22
apache traffic server
http/2
dos attack
fix
upgrade
limit
memory
unix
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | trafficserver | < 9.2.4+ds-0+deb12u1 | trafficserver_9.2.4+ds-0+deb12u1_all.deb |
| Debian | 11 | all | trafficserver | < 8.1.10+ds-1~deb11u1 | trafficserver_8.1.10+ds-1~deb11u1_all.deb |
| Debian | 10 | all | trafficserver | < 8.1.7-0+deb10u4 | trafficserver_8.1.7-0+deb10u4_all.deb |
| Debian | 999 | all | trafficserver | < 9.2.4+ds-1 | trafficserver_9.2.4+ds-1_all.deb |
Related
debian
debian
[SECURITY] [DLA 3799-1] trafficserver security update
2024-04-28 20:55:45
[SECURITY] [DSA 5659-1] trafficserver security update
2024-04-14 18:01:59
nessus
nessus
Fedora 40 : trafficserver (2024-111a8a624b)
2024-04-29 00:00:00
Debian dsa-5659 : trafficserver - security update
2024-04-14 00:00:00
Fedora 38 : trafficserver (2024-d0acf8d109)
2024-04-12 00:00:00
veracode
veracode
Denial Of Service (DOS)
2024-04-17 08:29:08
ubuntucve
ubuntucve
CVE-2024-31309
2024-04-10 00:00:00
osv
osv
trafficserver - security update
2024-04-14 00:00:00
trafficserver - security update
2024-04-28 00:00:00
nvd
nvd
CVE-2024-31309
2024-04-10 12:15:09
openvas
openvas
Debian: Security Advisory (DLA-3799-1)
2024-04-29 00:00:00
Fedora: Security Advisory for trafficserver (FEDORA-2024-111a8a624b)
2024-05-27 00:00:00
Debian: Security Advisory (DSA-5659-1)
2024-04-15 00:00:00
f5
f5
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 38 Update: trafficserver-9.2.4-1.fc38
2024-04-12 01:15:55
[SECURITY] Fedora 40 Update: trafficserver-9.2.4-1.fc40
2024-04-19 21:41:37
[SECURITY] Fedora 39 Update: trafficserver-9.2.4-1.fc39
2024-04-12 01:21:59
redhatcve
redhatcve
CVE-2024-31309
2024-04-03 19:27:43
cve
cve
CVE-2024-31309
2024-04-10 12:15:09
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00