[SECURITY] Fedora 27 Update: mod_http2-1.10.16-1.fc27
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] Fedora 28 Update: mod_http2-1.10.16-1.fc28
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
MGASA-2018-0110 Updated curl packages fix security vulnerability
It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or that the too large data gets passed to the libcurl callback. This might lead to a...
Fedora 27 : curl (2018-241a5a2409)
http2: fix incorrect trailer buffer size CVE-2018-1000005 - http: prevent custom Authorization headers in redirects CVE-2018-1000007 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 26 : curl (2018-85655b12b6)
http2: fix incorrect trailer buffer size CVE-2018-1000005 - http: prevent custom Authorization headers in redirects CVE-2018-1000007 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Haxx libcurl out-of-bounds read vulnerability
Haxx libcurl is a free, open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in code handling HTTP/2 trailers in Haxx libcurl versions 7.49.0 through 7.57.0. An attacker can exploit this...
CURL-CVE-2018-1000005 HTTP/2 trailer out-of-bounds read
libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once...
Authentication Bypass
Node is vulnerable to authentication bypasses. The library uses a vulnerable version of OpenSSL, allowing a malicious user to bypass authentication by passing data through the HTTP2 or TLS modules...
CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...
Design/Logic Flaw
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...
UBUNTU-CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...
HTTP Load Generator: hey
hey is a tiny program that sends some load to a web application – ApacheBench (ab) replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom. Installation: go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage: hey runs provided numbe...
Apache Tomcat 'HTTP2' Denial of Service Vulnerability - Linux
Apache Tomcat is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
Apache Tomcat HTTP2 Security Bypass Vulnerability - Linux
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
Apache Tomcat HTTP2 Security Bypass Vulnerability - Windows
Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
Apache Tomcat 'HTTP2' Denial of Service Vulnerability - Windows
Apache Tomcat is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:1997-1)
This update provides apache2 2.2.34, which brings many fixes and enhancements: Security issues fixed : - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. bsc1048576 Bug fixes : - Remove /usr/bin/http2 link only during package uninstall, not upgrade. bsc1041830 - Don't put the...
Apache httpd 'mod_http2' Denial of Service Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation. A security vulnerability in the Apache httpd HTTP/2 processing code allows remote attackers to conduct denial-of-service attacks by submitting special requests and in some cases closing multiple connections...