
4428 matches found

UbuntuCve
added 2024/07/11 3:15 p.m. | 11 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 7.2 | EPSS 0.01059
Exploits: 0 | References: 9
Vulnrichment
added 2024/07/11 2:50 p.m. | 21 views

CVE-2024-38535 Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 6.9 | EPSS 0.01059
Exploits: 0 | References: 6
AlpineLinux
added 2024/07/11 2:50 p.m. | 29 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 7.6 | EPSS 0.01059
Exploits: 0
OSV
added 2024/07/11 2:50 p.m. | 10 views

CVE-2024-38535 Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 7.3 | EPSS 0.01059
Exploits: 0 | References: 8
Debian CVE
added 2024/07/11 2:50 p.m. | 15 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

CVSS 7.5 | AI score 8.4 | EPSS 0.01059
Exploits: 0
CVE
added 2024/07/11 2:50 p.m. | 72 views

CVE-2024-38535

CVE-2024-38535 affects Suricata: memory exhaustion can occur when parsing crafted HTTP/2 traffic. The vulnerability is mitigated by upgrading to Suricata 6.0.20 or 7.0.6 (per the provided description).

CVSS 7.5 | AI score 7.3 | EPSS 0.01059
Exploits: 0 | References: 6 | Affected Software: 1
F5 Networks
added 2024/07/11 8:47 a.m. | 30 views

K000140303: Apache Tomcat vulnerability CVE-2024-34750

Security Advisory Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams...

CVSS 7.5 | AI score 7.6 | EPSS 0.21539
Exploits: 0
Tenable Nessus
added 2024/07/11 12:0 a.m. | 276 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server regression (USN-6885-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6885-2 advisory. USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP...

AI score 5.6
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/07/10 7:59 a.m. | 45 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

CVSS 8.8 | AI score 9.2 | EPSS 0.944
Exploits: 22 | Affected Software: 1
IBM Security Bulletins
added 2024/07/09 3:27 p.m. | 26 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to use of nghttp2 (CVE-2024-28182)

Summary nghttp2 is used by IBM DataPower Gateway in its HTTP/2 implementation in the front-side handler and for outgoing connections Vulnerability Details CVEID:CVE-2024-28182 DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATIO...

CVSS 5.3 | AI score 5.8 | EPSS 0.24971
Exploits: 1 | Affected Software: 1
RedHat Linux
added 2024/07/08 10:19 p.m. | 44 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.1 | EPSS 0.87555
Exploits: 3 | References: 6
RedHat Linux
added 2024/07/08 9:31 p.m. | 45 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7 | EPSS 0.87555
Exploits: 2 | References: 3
IBM Security Bulletins
added 2024/07/08 9:29 a.m. | 50 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to allow a remote authenticated attacker, denial of service, server-side request forgery (SSRF), cross-site scripting, improper resource expiration handling, weaker than expected security for outbound TLS connections. These...

CVSS 9.8 | AI score 8.7 | EPSS 0.944
Exploits: 20 | Affected Software: 1
Redos
added 2024/07/08 12:0 a.m. | 29 views

ROS-20240708-01

Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility is related to memory release errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the cURL command line...

CVSS 3.5 | AI score 7.1 | EPSS 0.0091
Exploits: 1
Tenable Nessus
added 2024/07/05 12:0 a.m. | 13 views

Apache Tomcat 9.0.0-M1 < 9.0.90 Denial Of Service

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.89, 10.1.0-M1 to 10.1.24 or 11.0.0-M1 to 11.0.0-M20. It is, therefore, affected by a denial of service. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to ...

CVSS 8.6 | AI score 7.4 | EPSS 0.21539
Exploits: 0 | References: 3
Tenable Nessus
added 2024/07/05 12:0 a.m. | 10 views

Apache Tomcat 10.1.0-M1 < 10.1.25 Denial Of Service

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.89, 10.1.0-M1 to 10.1.24 or 11.0.0-M1 to 11.0.0-M20. It is, therefore, affected by a denial of service. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to ...

CVSS 8.6 | AI score 7.4 | EPSS 0.21539
Exploits: 0 | References: 3
OSV
added 2024/07/04 9:15 p.m. | 14 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

CVSS 5.9 | AI score 6.8
Exploits: 0 | References: 2
Veracode
added 2024/07/04 11:45 a.m. | 18 views

Denial Of Service (DoS)

org.apache.tomcat: tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of excessive HTTP headers in HTTP/2 streams, which leads to the miscounting of active streams resulting in an infinite connection timeout. This allows connections to remain open...

CVSS 7.5 | AI score 7 | EPSS 0.21539
Exploits: 0 | References: 6 | Affected Software: 3
Hacker One
added 2024/07/04 6:47 a.m. | 90 views

Internet Bug Bounty: CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector

CVE-2024-34750: Apache Tomcat Denial of Service Vulnerability A vulnerability was discovered in Apache Tomcat versions between 11.0.0-M1 and 11.0.0-M20, 10.1.0-M1 and 10.1.24, and 9.0.0-M1 and 9.0.89. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers...

CVSS 7.5 | AI score 7.7 | EPSS 0.21539
Exploits: 0
OpenVAS
added 2024/07/04 12:0 a.m. | 18 views

Apache Tomcat DoS Vulnerability (Jul 2024) - Linux

Apache Tomcat is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

CVSS 7.5 | AI score 7.6 | EPSS 0.21539
Exploits: 0 | References: 4