104 matches found
jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...
OTRS AG OTRS 输入验证错误漏洞
OTRS is an application from the German company OTRS. A service management software. OTRS AG An input validation error vulnerability exists in OTRS that arises from the system not properly validating incoming data. An attacker placing a specially crafted URL in the body of an email message could...
jetty: Resource exhaustion when receiving an invalid large TLS frame
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...
nghttp2: overly large SETTINGS frames can lead to DoS
A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
UBUNTU-CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...
UBUNTU-CVE-2018-12545
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations require...
CVE-2019-0001
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerabilities
The Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance is a set of firewall appliances from Cisco, U.S.A. Cisco Firepower Threat Defense is a set of software from Cisco, U.S.A., that runs in firewalls. A denial of service vulnerability exists in the Cisco Adaptive Security Applian...
CVE-2018-15454
A vulnerability in the Session Initiation Protocol SIP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a deni...
AudaCity 2.3 - High processor usage Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: AudaCity 2.3 - High processor usage Denial of Service Author: Kağan Çapar Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 top version Tested on OS: Windows 10...
jboss-remoting: High CPU Denial of Service
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop...
rubygems: No size limit in summary length of gem spec
It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary...
zookeeper: Incorrect input validation with wchp/wchc four letter words
A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests...
zookeeper: Incorrect input validation with wchp/wchc four letter words
A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests...
OpenExif 'ExifImageFile::readImage' Function Denial of Service Vulnerability
OpenExif is an object-oriented library for accessing image files in Exif format. A security vulnerability exists in the 'ExifImageFile::readImage' function of the ExifImageFileRead.cpp file in OpenExif version 2.1.4. A remote attacker can exploit this vulnerability to cause a denial of service...
DEBIAN-CVE-2017-9122
The quicktimereadmoov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted mp4 file...
Remote Denial of Service Vulnerability in Multiple Zyxel Products
ZyXEL USG50 and so on are products of ZyXEL Technology Corporation.ZyXEL USG50 is a firewall product.ZyXEL NWA3560-N is a switch product. A remote denial of service vulnerability exists in multiple Zyxel products. An attacker could exploit this vulnerability to cause high CPU consumption, resulti...