Lucene search
K

363 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.13 views

MiracleLinux 9 : tomcat-9.0.62-11.el9.3 (AXSA:2023-6536:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6536:04 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.14 views

MiracleLinux 9 : nginx-1.20.1-14.el9.1.ML.1 (AXSA:2023-6549:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6549:04 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.16 views

MiracleLinux 9 : nghttp2-1.43.0-5.el9.1 (AXSA:2023-6518:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6518:02 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.12 views

MiracleLinux 9 : golang-1.19.13-1.el9, go-toolset-1.19.13-1.el9 (AXSA:2023-6512:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6512:05 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web server...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.15 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5.3CVSS7AI score0.00861EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.8 views

RockyLinux 8 : nghttp2 (RLSA-2023:5837)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5837 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description bloc...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References3
OSV
OSV
added 2025/12/05 9:2 a.m.16 views

RLSA-2023:5837 Important: nghttp2 security update

nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more...

7.5CVSS6.9AI score0.99999EPSS
Exploits19References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:22 a.m.6 views

Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data

Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...

7.5CVSS6.8AI score0.03389EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.7 views

RockyLinux 9 : nodejs:18 (RLSA-2023:5849)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5849 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-10931

Malware in sbrugna...

9.8CVSS9.5AI score0.01422EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.31 views

EUVD-2020-0493

Malware in sbrugna...

9.8CVSS9.3AI score0.03673EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-18634

Malware in sbrugna...

8.8CVSS8.8AI score0.06818EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6805

Malicious code in bioql PyPI...

8.8CVSS7.5AI score0.00542EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54603

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00267EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/25 12:9 a.m.6 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2025/09/04 6:44 p.m.4 views

CLSA-2025-1757011448 tomcat: Fix of CVE-2025-48989

CVE-2025-48989: fix improper resource shutdown vulnerability to prevent reset attack...

7.5CVSS7AI score0.03389EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/02 6:9 a.m.5 views

Improper Resource Shutdown Or Release

org.apache.tomcat.embed, tomcat-embed-core is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to improper handling of resource shutdown, which allows an attacker to perform the "made you reset" attack...

7.5CVSS6.8AI score0.03389EPSS
Exploits0References12Affected Software2
CNVD
CNVD
added 2025/08/20 12:0 a.m.2 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...

7.5CVSS6.5AI score0.03389EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.3 views

Apache Tomcat 9.0.0.M1 < 9.0.108

The version of Tomcat installed on the remote host is prior to 9.0.108. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.108security-9 advisory. - Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically...

7.5CVSS7AI score0.03389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.5 views

FreeBSD : www/varnish7 -- Denial of Service in HTTP/2 (e2d49973-785a-11f0-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2d49973-785a-11f0-a1c0-0050569f0b83 advisory. Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers...

7.5CVSS6.2AI score0.04604EPSS
Exploits3References3
Rows per page
Query Builder