Lucene search

K
redosRedosROS-20231107-01
HistoryNov 07, 2023 - 12:00 a.m.

ROS-20231107-01

2023-11-0700:00:00
redos.red-soft.ru
17
http/2
vulnerability
request stream
established connection
denial of service
remote attacker
network protocol

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.708

Percentile

98.1%

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests.
The vulnerability of the HTTP/2 protocol implementation is related to the possibility of generating a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets.
packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64lighttpd< 1.4.73-1UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.708

Percentile

98.1%