
1369 matches found

Positive Technologies
added 2018/11/06 12:0 a.m. · 15 views

PT-2018-2561 · Nginx +4

Name of the Vulnerable Software and Affected Versions: nginx versions prior to 1.15.6; nginx versions prior to 1.14.1. Description: The issue is related to the implementation of the HTTP/2 protocol in the nginx server, which can lead to uncontrolled resource consumption. This can allow a remote...

8.2 CVSS · 6.7 AI score · 0.82017 EPSS
Exploits 20 · References 86

Positive Technologies
added 2018/11/06 12:0 a.m. · 13 views

PT-2018-2562 · Nginx +4

Name of the Vulnerable Software and Affected Versions: nginx versions 1.14.0 through 1.14.1; nginx versions 1.15.0 through 1.15.6. Description: The issue is related to the implementation of HTTP/2 in nginx, which can lead to excessive CPU usage. This problem affects nginx compiled with the ngx http...

8.2 CVSS · 6.6 AI score · 0.82017 EPSS
Exploits 1 · References 80

OSV
added 2018/10/11 3:10 p.m. · 10 views

SUSE-SU-2018:3101-1 Security update for apache2

This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2...

5.9 CVSS · 6 AI score · 0.51002 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2018/10/08 7:29 p.m. · 2 views

CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean up pool member network connections when using SPDY or HTTP/2 virtual server profiles...

7.5 CVSS · 5.4 AI score · 0.01321 EPSS
Exploits 0 · References 2

OSV
added 2018/10/03 6:39 p.m. · 3 views

USN-3783-1 apache2 vulnerabilities

Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. (CVE-2018-1302) Craig Young discovered that the Apache HTTP Server HTTP/2 module...

7.5 CVSS · 6.8 AI score · 0.51002 EPSS
Exploits 0 · References 4

Broadcom
added 2018/10/02 12:0 a.m. · 7 views

BSA-2018-711

Security Advisory ID: BSA-2018-711 · Component: Apache HTTPD · Revision: 1.0: Final. The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of servic...

5.9 CVSS · 8.1 AI score · 0.15327 EPSS
Exploits 0

OSV
added 2018/09/25 12:0 a.m. · 3 views

UBUNTU-CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9 CVSS · 6.5 AI score · 0.51002 EPSS
Exploits 0 · References 5

CNVD
added 2018/07/27 12:0 a.m. · 4 views

F5 BIG-IP Virtual Server Denial of Service Vulnerability

F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in the F5 BIG-IP virtual server. An attacker can exploit this vulnerability to cause a denial of service abnormal...

7.5 CVSS · 7.2 AI score · 0.01782 EPSS
Exploits 0 · References 1

CNVD
added 2018/07/19 12:0 a.m. · 3 views

Wireshark Denial of Service Vulnerability (CNVD-2018-14106)

Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. The HTTP2 dissector is one of the hypertext transfer protocol parsers. A security vulnerabili...

7.5 CVSS · 7.4 AI score · 0.03352 EPSS
Exploits 0 · References 1

OSV
added 2018/06/14 12:29 p.m. · 4 views

CVE-2018-8226

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

7.5 CVSS · 5.8 AI score · 0.12701 EPSS
Exploits 0 · References 3

OSV
added 2018/06/13 4:29 p.m. · 3 views

ALPINE-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

7.5 CVSS · 8.7 AI score · 0.07855 EPSS
Exploits 0 · References 1

OSV
added 2018/06/11 9:29 p.m. · 2 views

DEBIAN-CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8 CVSS · 8.9 AI score · 0.03123 EPSS
Exploits 1 · References 1

RedHat Linux
added 2018/05/17 6:43 a.m. · 3 views

haproxy: Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service

An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...

7.5 CVSS · 6.3 AI score · 0.0843 EPSS
Exploits 0 · References 4

OSV
added 2018/05/09 7:29 a.m. · 1 view

DEBIAN-CVE-2018-10184

An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...

7.5 CVSS · 8.3 AI score · 0.0843 EPSS
Exploits 0 · References 1

OSV
added 2018/05/09 7:29 a.m. · 8 views

UBUNTU-CVE-2018-10184

An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...

7.5 CVSS · 7.7 AI score · 0.0843 EPSS
Exploits 0 · References 4

CNVD
added 2018/04/17 12:0 a.m. · 3 views

Denial of Service Vulnerability in Multiple F5 Products (CNVD-2018-09412)

F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security vulnerabilities exist in several F5 products. An attacker can exploit this vulnerability by sending malformed SPDY or HTTP/2 requests to...

7.5 CVSS · 6.6 AI score · 0.01321 EPSS
Exploits 0 · References 1

OSV
added 2018/03/26 3:29 p.m. · 7 views

ALPINE-CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9 CVSS · 6.9 AI score · 0.13436 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2018/02/02 12:0 a.m. · 10 views

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server web server arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failur...

9.8 CVSS · 6.2 AI score · 0.05438 EPSS
Exploits 0 · References 4 · Affected Software 1

curl security advisories
added 2018/01/24 8:0 a.m. · 8 views

HTTP/2 trailer out-of-bounds read

libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once...

9.1 CVSS · 8.2 AI score · 0.04642 EPSS
Exploits 0 · Affected Software 2

OSV
added 2018/01/24 12:0 a.m. · 1 view

UBUNTU-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

9.1 CVSS · 7.3 AI score · 0.04642 EPSS
Exploits 0 · References 5