1366 matches found
PT-2021-3712 · Apache +3 · Apache Http Server +4
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47 mod http2 version 1.15.17 Description: The issue is related to the HTTP/2 protocol handler in the Apache HTTP Server, which checks received request headers against size limitations. If these restrictions are...
netty: possible request smuggling in HTTP/2 due missing validation
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
The vulnerability of the HTTP/2 stream in the Apache HTTP Server, related to pointer dereferencing errors, allows attackers to cause a service failure.
The vulnerability of the HTTP/2 stream in the Apache HTTP Server is related to incorrect writing of the zero pointer. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the mod_http2 module in the Apache HTTP Server, related to the assignment of the zero pointer, allows a hacker to trigger a denial-of-service attack.
The vulnerability of the modhttp2 module in the Apache HTTP Server is related to incorrect handling of HTTP/2 requests. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
Netty 环境问题漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environmental issue vulnerability that stems from requests being converted to HTTP 1.1 objects when pass...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
tomcat: Apache Tomcat HTTP/2 Request mix-up
A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - fro...
tomcat: HTTP/2 request header mix-up
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...
dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...
dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...
SUSE-SU-2021:0041-1 Security update for tomcat
This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602...
AZL-6909 CVE-2020-17527 affecting package tomcat 9.0.39-5
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
DEBIAN-CVE-2020-17527
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...