57 matches found
AZL-35123 CVE-2021-44716 affecting package prometheus-process-exporter for versions less than 0.8.2-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33581 CVE-2021-44716 affecting package flannel for versions less than 0.14.0-21
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-35037 CVE-2021-44716 affecting package node-problem-detector for versions less than 0.8.15-1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
UBUNTU-CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
OPENSUSE-SU-2021:1626-1 Security update for go1.16
This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc1182345). - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc1193598). -...
MGASA-2021-0587 Updated golang packages fix security vulnerability
net/http: limit growth of header canonicalization cache (CVE-2021-44716); syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)...
SUSE-SU-2021:4186-1 Security update for go1.17
This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc1190649). - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc1193598). - CVE-2021-44716:...
OPENSUSE-SU-2021:4186-1 Security update for go1.17
This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc1190649). - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc1193598). - CVE-2021-44716:...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
CVE-2016-9589
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
Design/Logic Flaw
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers...
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
CVE-2014-1418
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...