107 matches found

OSV
added 2020/04/02 12:0 a.m. | 2 views

UBUNTU-CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.60727
Exploits: 0 | References: 4
RedHat Linux
added 2018/10/08 10:5 a.m. | 4 views

haproxy: Out-of-bounds read in HPACK decoder

A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx resulted in a remote crash and denial of service...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.03009
Exploits: 0 | References: 5
CNVD
added 2017/04/20 12:0 a.m. | 4 views

Apache Traffic Server Denial of Service Vulnerability (CNVD-2017-06029)

Apache Traffic Server is an efficient and scalable HTTP proxy and caching server. Apache Traffic Server has a security vulnerability that allows remote attackers to submit a special request and perform HPACK Bomb attacks...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.02881
Exploits: 0 | References: 1
OSV
added 2017/01/10 3:59 p.m. | 4 views

UBUNTU-CVE-2016-6581

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01757
Exploits: 0 | References: 4
Positive Technologies
added 2017/01/10 12:0 a.m. | 4 views

PT-2017-8994

Name of the Vulnerable Software and Affected Versions: Python HPACK library versions 1.0.0 through 2.2.0

Description: A denial of service attack, known as an "HPACK Bomb" attack, can be launched against the HTTP/2 implementation built using the Python HPACK library. This occurs when an attacker...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.01757
Exploits: 0 | References: 23
Japan Vulnerability Notes
added 2016/07/25 2:15 a.m. | 3 views

Android OS issue where it is affected by the CRIME attack

Overview: The implementation of the TLS protocol in Android OS contains a vulnerability where plaintext HTTP headers may be obtained. The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of...

CVSS: 3.7 | AI score: 9.1 | EPSS: 0.04266
Exploits: 2 | References: 12
Tenable Nessus
added 2012/08/29 12:0 a.m. | 36 views

SeaMonkey < 2.12.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.12.0. Such versions are potentially affected by the following security issues:
- An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. (CVE-2012-1956)
- Unspecified memory safet...

CVSS: 10 | AI score: 7 | EPSS: 0.07762
Exploits: 2 | References: 40