Lucene search
1321 matches found

OSV
added 2018/12/03 2:29 p.m. · 1 views

UBUNTU-CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests...

5.9 CVSS · 6.2 AI score · 0.01086 EPSS
Exploits 0 · References 3
RedHat Linux
added 2018/11/27 9:4 a.m. · 6 views

nginx: Excessive memory consumption via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.8 CVSS · 7.4 AI score · 0.47057 EPSS
Exploits 0 · References 5
RedHat Linux
added 2018/11/27 9:4 a.m. · 3 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

7.8 CVSS · 7.4 AI score · 0.124 EPSS
Exploits 0 · References 5
CNVD
added 2018/11/27 12:0 a.m. · 8 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-25796)

Apache HTTP Server is an open source web server from the Apache Software Foundation (United States). The server is fast, reliable and can be extended through a simple API. A denial of service vulnerability exists in Apache HTTP Server. A remote attacker can exploit this vulnerability by sending ...

7.5 CVSS · 7.5 AI score · 0.17103 EPSS
Exploits 0 · References 1
RedHat Linux
added 2018/11/26 12:27 p.m. · 2 views

nginx: Excessive memory consumption via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.8 CVSS · 7.4 AI score · 0.47057 EPSS
Exploits 0 · References 5
OSV
added 2018/11/07 3:1 p.m. · 1 views

USN-3812-1 nginx vulnerabilities

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...

8.2 CVSS · 6.8 AI score · 0.47057 EPSS
Exploits 1 · References 4
OSV
added 2018/11/07 2:29 p.m. · 3 views

ALPINE-CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.5 CVSS · 6.9 AI score · 0.47057 EPSS
Exploits 0 · References 1
OSV
added 2018/11/07 2:29 p.m. · 1 views

DEBIAN-CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

7.5 CVSS · 6.6 AI score · 0.124 EPSS
Exploits 0 · References 1
OSV
added 2018/11/07 2:29 p.m. · 4 views

ALPINE-CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

7.5 CVSS · 6.9 AI score · 0.124 EPSS
Exploits 0 · References 1
CNVD
added 2018/11/07 12:0 a.m. · 14 views

nginx denial of service vulnerability (CNVD-2018-22806)

nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A security vulnerability exists in the HTTP/2 implementation in Nginx versions prior to 1.15.5 and 1.14.1. A remote attacker can exploit this vulnerability by sending a malicious request to cause a denial of...

7.8 CVSS · 6.6 AI score · 0.124 EPSS
Exploits 0 · References 1
CNVD
added 2018/11/07 12:0 a.m. · 12 views

nginx denial of service vulnerability (CNVD-2018-22805)

nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A security vulnerability exists in the HTTP/2 implementation of nginx versions prior to 1.15.6 and 1.14.1. An attacker can exploit the vulnerability to consume a large amount of memory space...

7.8 CVSS · 6.6 AI score · 0.47057 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/11/06 12:0 a.m. · 11 views

PT-2018-2562 · Nginx +4

Name of the Vulnerable Software and Affected Versions: nginx versions 1.14.0 through 1.14.1 nginx versions 1.15.0 through 1.15.6 Description: The issue is related to the implementation of HTTP/2 in nginx, which can lead to excessive CPU usage. This problem affects nginx compiled with the ngx http...

8.2 CVSS · 6.6 AI score · 0.82567 EPSS
Exploits 1 · References 80
Positive Technologies
added 2018/11/06 12:0 a.m. · 12 views

PT-2018-2561 · Nginx +4

Name of the Vulnerable Software and Affected Versions: nginx versions prior to 1.15.6 nginx versions prior to 1.14.1 Description: The issue is related to the implementation of the HTTP/2 protocol in the nginx server, which can lead to uncontrolled resource consumption. This can allow a remote...

8.2 CVSS · 6.7 AI score · 0.82567 EPSS
Exploits 20 · References 86
OSV
added 2018/11/06 12:0 a.m. · 3 views

UBUNTU-CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

7.5 CVSS · 6.8 AI score · 0.124 EPSS
Exploits 0 · References 4
OSV
added 2018/10/11 3:10 p.m. · 9 views

SUSE-SU-2018:3101-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

5.9 CVSS · 6 AI score · 0.51002 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2018/10/08 7:29 p.m. · 2 views

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

7.5 CVSS · 5.4 AI score · 0.01321 EPSS
Exploits 0 · References 2
OSV
added 2018/10/03 6:39 p.m. · 2 views

USN-3783-1 apache2 vulnerabilities

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. CVE-2018-1302 Craig Young discovered that the Apache HTTP Server HTTP/2 module...

7.5 CVSS · 6.8 AI score · 0.51002 EPSS
Exploits 0 · References 4
Broadcom
added 2018/10/02 12:0 a.m. · 6 views

BSA-2018-711

Security Advisory ID : BSA-2018-711 Component : Apache HTTPD Revision : 1.0: Final The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of servic...

5.9 CVSS · 8.1 AI score · 0.15327 EPSS
Exploits 0
OSV
added 2018/09/25 12:0 a.m. · 1 views

UBUNTU-CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9 CVSS · 6.5 AI score · 0.51002 EPSS
Exploits 0 · References 5
CNVD
added 2018/07/27 12:0 a.m. · 3 views

F5 BIG-IP Virtual Server Denial of Service Vulnerability

F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in the F5 BIG-IP virtual server. An attacker can exploit this vulnerability to cause a denial of service abnormal...

7.5 CVSS · 7.2 AI score · 0.01782 EPSS
Exploits 0 · References 1