Lucene search
K

32 matches found

Veracode
Veracode
added 2024/06/19 6:39 a.m.43 views

Denial Of Service (DoS)

ws is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of the Upgrade header when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold, causing incomingMessage.headers.upgrade to not be set. Attackers can use this...

7.5CVSS7.5AI score0.01357EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2024/06/17 8:15 p.m.3 views

DEBIAN-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS6.7AI score0.01357EPSS
Exploits0References1
OSV
OSV
added 2024/06/17 8:15 p.m.8 views

AZL-42808 CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS6.7AI score0.01357EPSS
Exploits0References1
OSV
OSV
added 2024/06/17 8:15 p.m.8 views

UBUNTU-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS6.8AI score0.01357EPSS
Exploits0References14
Amazon
Amazon
added 2024/05/28 12:0 a.m.9 views

Medium: oci-add-hooks

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS5.7AI score0.91969EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/04/15 12:0 a.m.26 views

FreeBSD : go -- http2: close connections when receiving too many headers (cdb5e0e3-fafc-11ee-9c21-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cdb5e0e3-fafc-11ee-9c21-901b0e9408dc advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...

7.5CVSS7.6AI score0.91969EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/04/04 9:30 p.m.57 views

net/http, x/net/http2: close connections when receiving too many headers

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7.1AI score0.91969EPSS
Exploits1References12Affected Software3
OSV
OSV
added 2024/04/04 9:15 p.m.16 views

AZL-39235 CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-7

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/03/27 8:15 a.m.3 views

ALPINE-CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS6.9AI score0.36081EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/07/07 12:0 a.m.4 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.6AI score0.26915EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2009/03/02 10:30 p.m.20 views

CVE-2009-0751

Yaws before 1.80 allows remote attackers to cause a denial of service memory consumption and crash via a request with a large number of headers...

5CVSS5.9AI score0.10397EPSS
Exploits6References1
NVD
NVD
added 1999/01/01 5:0 a.m.17 views

CVE-1999-0393

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers...

5CVSS6.6AI score0.02427EPSS
Exploits0References1
Rows per page
Query Builder