4428 matches found
Important: tomcat9
Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...
EulerOS 2.0 SP8 : mod_http2 (EulerOS-SA-2024-2042)
According to the versions of the modhttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a clien...
Amazon Linux 2023 : ecs-init (ALAS2023-2024-672)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-672 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADE...
Oracle Coherence (Jul 2024 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Third Party Eclipse Jetty. Supported versio...
ROS-20240422-11
Vulnerability of net/http and net/http2 libraries of Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the end of the HTTP/2 is related to uncontrolled resource consumption as a resul...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1902)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1878)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1909)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1926)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...
EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2024-1968)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1953)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1968)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1892)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1926)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1953)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1963)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-1915)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-1934)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2024-1963)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.CVE-2023-38709...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-1961)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward...