CVE-2025-61752

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server...

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

tomcat: Improper Handling of Exceptional Conditions

A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...

curl: HTTP/2 push headers memory-leak

A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...

jetty: stop accepting new connections from valid clients

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

Mozilla: Denial of Service using HTTP/2 CONTINUATION frames

The Mozilla Foundation Security Advisory describes this flaw as: There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser...

SUSE CVE-2024-3302

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

OESA-2024-1380 cri-tools security update

CLI and validation tools for Container Runtime Interface Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.CVE-2022-41723 A malicious HTTP/2 client which...

PT-2024-19803 · F5 · Big-Ip Next Spk +1

Name of the Vulnerable Software and Affected Versions: BIG-IP versions affected versions not specified BIG-IP Next SPK versions affected versions not specified Description: When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management...

H2O Denial of Service Vulnerability (CNVD-2018-01620)

H2O is a set of open source Web server software . A denial of service vulnerability exists in H2O 2.2.3 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted HTTP/2 packet header...