Apache Tomcat DoS Vulnerability (Jul 2024) - Windows
Apache Tomcat is prone to a denial-of-service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...
CVE-2024-34750
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...
CVE-2024-34750
CVE-2024-34750 affects Apache Tomcat across multiple lines of the 9.x, 10.x, and 11.x series, where improper handling of HTTP/2 streams leads to miscounting active streams and the use of an infinite timeout, allowing connections to remain open. Root cause: during HTTP/2 processing, Tomcat fails t...
CVE-2024-34750 Apache Tomcat: HTTP/2 excess header handling DoS
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...
BIT-APACHE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...
CBL Mariner 2.0 Security Update: blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd (CVE-2023-39325)
The version of blobfuse2 / cert-manager / cf-cli / coredns / cri-tools / etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-39325 advisory. - A malicious HTTP/2 client which rapidly creates...
ROS-20240703-12
An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP/2 requests...
Apache Tomcat 10.1.0.M1 < 10.1.25
The version of Tomcat installed on the remote host is prior to 10.1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.25security-10 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)
The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker may cause an HTTP/...
CBL Mariner 2.0 Security Update: nodejs18 / nodejs (CVE-2024-27983)
The version of nodejs18 / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27983 advisory. - An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount o...
Apache Tomcat 11.0.0.M1 < 11.0.0.M21
The version of Tomcat installed on the remote host is prior to 11.0.0.M21. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.0-m21security-11 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache...
Apache Tomcat 9.0.0.M1 < 9.0.90
The version of Tomcat installed on the remote host is prior to 9.0.90. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.90security-9 advisory. - Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat...
Moderate: Red Hat Security Advisory: nghttp2 security update
An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
FreeBSD : Apache httpd -- Multiple vulnerabilities (d7efc2ad-37af-11ef-b611-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d7efc2ad-37af-11ef-b611-84a93843eb75 advisory. The Apache httpd project reports: DoS by Null pointer in websocket over HTTP/2 CVE-2024-36387...
RHEL 8 : nghttp2 (RHSA-2024:4252)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4252 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS...