23 matches found
CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...
ALPINE-CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...
Apache Tomcat Denial of Service Vulnerability (CNVD-2016-11592)
Apache Tomcat is a popular open source JSP application server program. A denial of service vulnerability exists in Apache Tomcat, which can be exploited by an attacker to cause the HTTP/2 header parser to enter an infinite loop, resulting in a denial of service...