CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

UBUNTU-CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

Design/Logic Flaw

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVE-2017-10908

CVE-2017-10908 affects the H2O HTTP Server (versions

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVE-2017-6151

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM...

Design/Logic Flaw

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM...

CVE-2017-6151

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM...

CVE-2017-6151

CVE-2017-6151 affects F5 BIG-IP software (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) version 13.0.0 where virtual servers using the HTTP/2 profile may cause disruption of TMM. Root cause: undisclosed requests to HTTP/2-enabled virtua...

Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin

Merlin is a cross-platform post-exploitation framework that leverages HTTP/2 communications to evade inspection. HTTP/2 is a relatively new protocol that requests Perfect Forward Secrecy PFS encryption cipher suites are used. The use of these cipher suites makes it incredibly difficult to capture...

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

Out-of-bounds

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

CVE-2015-3249

The CVE-2015-3249 entry concerns Apache Traffic Server (ATS) 5.3.x prior to 5.3.1, where the HTTP/2 experimental feature is vulnerable. The underlying issue affects the frame_handlers array and the set_dynamic_table_size function, enabling remote attackers to cause a denial of service (out-of-bou...

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service out-of-bounds access and daemon crash or possibly execute arbitrary code via vectors related to the 1 framehandlers array or 2 setdynamictablesize function...

Code injection

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams...

CVE-2017-6163

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams...