363 matches found
MiracleLinux 9 : tomcat-9.0.62-11.el9.3 (AXSA:2023-6536:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6536:04 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...
MiracleLinux 9 : nginx-1.20.1-14.el9.1.ML.1 (AXSA:2023-6549:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6549:04 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...
MiracleLinux 9 : nghttp2-1.43.0-5.el9.1 (AXSA:2023-6518:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6518:02 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...
MiracleLinux 9 : golang-1.19.13-1.el9, go-toolset-1.19.13-1.el9 (AXSA:2023-6512:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6512:05 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web server...
CVE-2020-7962
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...
RockyLinux 8 : nghttp2 (RLSA-2023:5837)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5837 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description bloc...
RLSA-2023:5837 Important: nghttp2 security update
nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...
Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data
Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...
RockyLinux 9 : nodejs:18 (RLSA-2023:5849)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5849 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...
EUVD-2018-10931
Malware in sbrugna...
EUVD-2020-0493
Malware in sbrugna...
EUVD-2018-18634
Malware in sbrugna...
EUVD-2025-6805
Malicious code in bioql PyPI...
EUVD-2024-54603
Malicious code in bioql PyPI...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
CLSA-2025-1757011448 tomcat: Fix of CVE-2025-48989
CVE-2025-48989: fix improper resource shutdown vulnerability to prevent reset attack...
Improper Resource Shutdown Or Release
org.apache.tomcat.embed, tomcat-embed-core is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper handling of resource shutdown, which allows an attacker to perform the "made you reset" attack...
Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...
Apache Tomcat 9.0.0.M1 < 9.0.108
The version of Tomcat installed on the remote host is prior to 9.0.108. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.108security-9 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...
FreeBSD : www/varnish7 -- Denial of Service in HTTP/2 (e2d49973-785a-11f0-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2d49973-785a-11f0-a1c0-0050569f0b83 advisory. Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers...