
4431 matches found

OSV
added 2018/10/30 4:21 p.m. | 7 views

SUSE-SU-2018:3582-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

CVSS 5.9 | AI score 6 | EPSS 0.22356
Exploits 0 | References 3

Kitploit
added 2018/10/18 9:29 p.m. | 144 views

SILENTTRINITY - A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET

A post-exploitation agent powered by Python, IronPython, C#/.NET. Requirements Server requires Python >= 3.7 SILENTTRINITY C# implant requires .NET >= 4.5 How it works Notes .NET runtime support The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also the...

AI score 7.4
Exploits 0 | References 4

OPENSUSE Linux
added 2018/10/17 6:14 a.m. | 84 views

Security update for apache2 (important)

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

AI score 6 | EPSS 0.22356
Exploits 0 | References 1

Tenable Nessus
added 2018/10/17 12:00 a.m. | 26 views

openSUSE Security Update : apache2 (openSUSE-2018-1178)

This update for apache2 fixes the following issues : Security issues fixed : - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

CVSS 5.9 | AI score 6.4 | EPSS 0.22356
Exploits 0 | References 2

Apache Httpd
added 2018/10/16 12:00 a.m. | 83 views

Apache Httpd < 2.4.38 : DoS for HTTP/2 connections via slow request bodies

By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.3 | AI score 1.2 | EPSS 0.07668
Exploits 0 | Affected Software 1

Prion
added 2018/10/08 7:29 p.m. | 19 views

Code injection

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

CVSS 5 | AI score 7.1 | EPSS 0.00647
Exploits 0 | References 1 | Affected Software 8

NVD
added 2018/10/08 7:29 p.m. | 27 views

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

CVSS 7.5 | AI score 7.6 | EPSS 0.00647
Exploits 0 | References 1

CVE
added 2018/10/08 7:00 p.m. | 58 views

CVE-2016-7475

CVE-2016-7475 affects F5 BIG-IP SPDY and HTTP/2 profiles where the Traffic Management Microkernel (TMM) may fail to properly clean up pool member connections. Affected: BIG-IP LTM and related modules on versions including 12.0.0–12.1.0, 11.4.0–11.6.1 (and some later 11.x/12.x entries listed by th...

CVSS 7.5 | AI score 7.5 | EPSS 0.00647
Exploits 0 | References 1 | Affected Software 8

Cvelist
added 2018/10/08 7:00 p.m. | 24 views

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

AI score 7.5 | EPSS 0.00647
Exploits 0 | References 1

Ubuntu
added 2018/10/03 6:39 p.m. | 301 views

USN-3783-1: Apache HTTP Server vulnerabilities

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. CVE-2018-1302 Craig Young discovered that the Apache HTTP Server HTTP/2 module...

CVSS 7.5 | AI score 6.8 | EPSS 0.22356
Exploits 0

OpenVAS
added 2018/09/28 12:00 a.m. | 81 views

Apache HTTP Server HTTP/2 'SETTINGS' Data Processing DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 | AI score 6 | EPSS 0.22356
Exploits 0 | References 2

OpenVAS
added 2018/09/28 12:00 a.m. | 96 views

Apache HTTP Server HTTP/2 'SETTINGS' Data Processing DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 | AI score 6 | EPSS 0.22356
Exploits 0 | References 2

Tenable Nessus
added 2018/09/27 12:00 a.m. | 44 views

FreeBSD : Apache -- Denial of service vulnerability in HTTP/2 (e182c076-c189-11e8-a6d2-b499baebfeaf)

The Apache httpd project reports : low: DoS for HTTP/2 connections by continuous SETTINGS By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has...

CVSS 5.9 | AI score 6.5 | EPSS 0.22356
Exploits 0 | References 3

Tenable Nessus
added 2018/09/27 12:00 a.m. | 137 views

Apache 2.4.x < 2.4.35 DoS

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.35. It is, therefore, affected by the following vulnerability: - By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can...

CVSS 5.9 | AI score 6.5 | EPSS 0.22356
Exploits 0 | References 3

Prion
added 2018/09/25 9:29 p.m. | 19 views

Design/Logic Flaw

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 4.3 | AI score 5.6 | EPSS 0.22356
Exploits 0 | References 26 | Affected Software 8

NVD
added 2018/09/25 9:29 p.m. | 20 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 5.8 | EPSS 0.22356
Exploits 0 | References 26

OSV
added 2018/09/25 9:29 p.m. | 33 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 6.5
Exploits 0 | References 26

AlpineLinux
added 2018/09/25 9:00 p.m. | 27 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 5.8 | EPSS 0.22356
Exploits 0

Debian CVE
added 2018/09/25 9:00 p.m. | 43 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

CVSS 5.9 | AI score 6.3 | EPSS 0.22356
Exploits 0

Cvelist
added 2018/09/25 9:00 p.m. | 21 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

AI score 5.6 | EPSS 0.22356
Exploits 0 | References 26