CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...
Apache -- Denial of service vulnerability in HTTP/2
The Apache httpd project reports: low: DoS for HTTP/2 connections by continuous SETTINGS. By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has...
Design/Logic Flaw
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...
CVE-2018-14645
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...
CVE-2018-14645
HAProxy HPACK decoder in versions before 1.8.14 contains an out-of-bounds read in hpack_valid_idx(), leading to remote crash and denial of service. Affected: HAProxy’s HTTP/2 HPACK handling. Impact: remote crash/DoS. Mitigation: upgrade to HAProxy 1.8.14 or newer (as indicated by multiple advisor...
openSUSE Security Update : apache2 (openSUSE-2018-907)
This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a NULL pointer dereference in...
Security update for apache2 (moderate)
This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a null pointer dereference in modm...
Apache 2.4.x < 2.4.34 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.34. It is, therefore, affected by the following vulnerabilities: - By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:2336-1)
This update for apache2 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. Note that Tenable Network Security has extracted the...
Apache HTTP Server 'HTTP/2 connection' DoS Vulnerability
Apache HTTP Server is prone to a denial of service (DoS) vulnerability...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Security fix for the ALT Linux 8 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.34-alt1
July 31, 2018 Anton Farygin 1:2.4.34-alt1 - 2.4.34 - fixes: CVE-2018-1333 DoS for HTTP/2 connections by crafted requests; CVE-2018-8011 mod_md, DoS via Coredumps on specially crafted requests...
Stack overflow
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb"...
CVE-2018-5530
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb"...
CVE-2018-5530
CVE-2018-5530 affects F5 BIG-IP 11.6.x, 12.1.x, and 13.0–13.1.0.5 with HTTP/2 profiles enabled. The root cause is an HPACK Bomb in the data plane, causing abnormal memory consumption and potential DoS. Affected versions include 11.6.0–11.6.3.1, 12.1.0–12.1.3.5, and 13.0.0–13.1.0.5. Remedia...