RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...

HTTP/2 Cleartext Upgrade Support Detected

The HTTP/2 protocol is usually negotiated over the TLS application layer protocol negotiation extension TLS-ALPN. A persistent HTTP/2 connection can also be made from a HTTP/1.1 request using the Upgrade header with the h2c value to specify a cleartext communication. The scanner detected that the...

RHEL 8 / 9 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 9 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...

Eclipse Jetty DoS Vulnerability (GHSA-rggv-cv7r-mw98) - Windows

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

Eclipse Jetty DoS Vulnerability (GHSA-rggv-cv7r-mw98) - Linux

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVE-2024-22201

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201

Technical details about CVE-2024-22201 are not provided in the Connected documents. The Initial entry mentions affected Jetty versions and a patch, but does not supply root-cause analysis, exact vulnerable components, exploit details, or comprehensive mitigations. Monitor for updates.

OESA-2024-1168 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include polic...

OESA-2024-1173 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (SUSE-SU-2024:0573-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0573-1 advisory. - When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the...

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an...

Amazon Linux 2 : containerd (ALASDOCKER-2024-038)

The version of containerd installed on the remote host is prior to 1.6.28-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-038 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-526 advisory. 2024-02-29: CVE-2023-39326 was added to this advisory. 2024-02-29: CVE-2023-39325 was added to this advisory. 2024-02-29: CVE-2023-49568 was added to this advisory. The HTTP/2 protocol allows a...