2 matches found
Denial Of Service
Eclipse Jetty is vulnerable to Denial of Service. The vulnerability is due to improper handling of malformed or illegal HTTP/2 frames such as invalid WINDOWUPDATE frames, which allows an attacker to repeatedly trigger RSTSTREAM responses and exhaust server CPU and memory resources...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...