4431 matches found
Important: Red Hat Security Advisory: varnish security update
An update for varnish is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
nghttp2 < 1.61.0 HTTP/2 Protocol DoS Vulnerability
nghttp2 is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 Broken Window Attack may result in denial of service...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:1121-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1121-1 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessi...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2024:1122-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1122-1 advisory. - An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessi...
RHEL 9 : varnish (RHSA-2024:1691)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1691 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...
ALSA-2024:1690 Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 Broken Window Attack may result in denial of service...
Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 Broken Window Attack may result in denial of service...
RHEL 8 : varnish (RHSA-2024:1690)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1690 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...
RHEL 7 : rh-varnish6-varnish (RHSA-2024:1689)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1689 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...
[SECURITY] [DLA 3780-1] jetty9 security update
Debian LTS Advisory DLA-3780-1 https://www.debian.org/lts/security/ Markus Koschany April 06, 2024 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.50-4+deb10u2 CVE ID : CVE-2024-22201 Debian Bug : 1064923 Jetty 9 is a Java based web server and servlet engine...
BIT-GOLANG-2023-45288 HTTP/2 CONTINUATION flood in net/http
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
BIT-ENVOY-2024-27919 HTTP/2: memory exhaustion due to CONTINUATION frame flood
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an...
BIT-ENVOY-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 is vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...
BIT-APACHE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
[SECURITY] [DLA 3779-1] tomcat9 security update
Debian LTS Advisory DLA-3779-1 https://www.debian.org/lts/security/ Markus Koschany April 06, 2024 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u12 CVE ID : CVE-2024-23672 CVE-2024-24549 Debian Bug : 1066877 1066878 Two security vulnerabilities...
Memory Leakage
libcurl is vulnerable to a memory leak. The vulnerability is due to improper handling of HTTP/2 server push requests when server push is allowed and the number of received headers exceeds the maximum limit...
Debian dla-3780 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3780 advisory. Debian LTS Advisory DLA-3780-1 https://www.debian.org/lts/security/...
FreeBSD : Apache httpd -- multiple vulnerabilities (8e6f684b-f333-11ee-a573-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8e6f684b-f333-11ee-a573-84a93843eb75 advisory. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that ca...
Debian dla-3779 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3779 advisory. Debian LTS Advisory DLA-3779-1...