4431 matches found
Denial Of Service (DoS) Through CPU Exhaustion
nginx is vulnerable to denial of service (DoS) attacks. A remote user could issue a specially crafted HTTP/2 request to cause excessive CPU consumption...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user can send specially crafted HTTP/2 requests to cause worker processes to be allocated for 60 seconds longer than required, consuming excessive worker resources and causing worker exhaustion and an application crash...
Denial Of Service (DoS)
Apache HTTPD is vulnerable to denial of service (DoS) attacks. A remote user could send specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection to cause the target service to fail to time out...
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An...
Apache Tomcat 8.5.x < 8.5.41 DoS Vulnerability
Apache Tomcat 9.0.x < 9.0.16 DoS
Fixed in Apache Tomcat 9.0.20
Important: Denial of Service CVE-2019-10072. The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading...
Fixed in Apache Tomcat 8.5.41
Important: Denial of Service CVE-2019-10072. The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading...
Apache Tomcat 9.0.x < 9.0.0.M22 Multiple Vulnerabilities
Apache Tomcat 8.5.x < 8.5.16 Multiple Vulnerabilities
CVE-2019-6619
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero...
Code injection
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero...
CVE-2019-6619
The CVE-2019-6619 issue affects BIG-IP TMM where an HTTP/2 profile with ALPN enabled can trigger a TMM restart when processing traffic with a zero-length ALPN extension. Affected versions include BIG-IP 12.1.0–12.1.4, 13.0.0–13.1.1.4, and 14.0.0–14.1.0.1. The impact is a core dump and TMM restart...
CVE-2019-6619
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user could send a specially crafted HTTP/2 request to trigger a null pointer dereference in the mod_http2 component and cause the server process to crash...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. This occurs in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted CONTINUATION frames in an HTTP/2 request with headers larger than the server's...
Out-of-bounds Read
Thunderbird, Firefox ESR, and Firefox are vulnerable to out-of-bounds read. When an HTTP/2 connection sends "DATA" frames with incorrect data content, an out-of-bounds memory read may occur, resulting in denial of service conditions...
F5 Networks BIG-IP : HTTP/2 ALPN vulnerability (K94563344)
The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. (CVE-2019-6619) Impact: BIG-IP: The Traffic Management Microkernel (TMM) generates a core...
www/varnish7 -- Denial of Service
The Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can let the server's HTTP/2 connection control flow window run out of credits indefinitely and prevent progress in the processing of...
Apache Tomcat DoS Vulnerability (Mar 2019) - Linux
Apache Tomcat is prone to a denial of service vulnerability in the HTTP/2 implementation. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...