Lucene search
656 matches found

RedHat Linux · added 2023/12/07 2:26 p.m. · 6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 9
Positive Technologies · added 2023/12/07 12:00 a.m. · 8 views

PT-2023-9319 · Oracle · Oracle Applications Framework

Name of the Vulnerable Software and Affected Versions: Oracle Applications Framework versions 12.2.3 through 12.2.13
Description: The issue is related to improper authorization in the Personalization component of Oracle Applications Framework, part of the Oracle E-Business Suite. This can allow a...

CVSS 5.5 · AI score 7.3 · EPSS 0.00313 · Exploits 0 · References 5
Positive Technologies · added 2023/12/07 12:00 a.m. · 4 views

PT-2023-9557 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0
Description: The issue is related to the Console component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via HTTP to compromise the server...

CVSS 7.8 · AI score 8.3 · EPSS 0.00657 · Exploits 0 · References 8
Positive Technologies · added 2023/12/07 12:00 a.m. · 4 views

PT-2023-9591 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.13
Description: The issue is related to a component of the Oracle Quoting product in Oracle E-Business Suite, specifically the User Interface, and is associated with weaknesses in the...

CVSS 8.5 · AI score 8.1 · EPSS 0.00422 · Exploits 0 · References 7
Positive Technologies · added 2023/12/07 12:00 a.m. · 5 views

PT-2023-9538 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle Process Manufacturing Product Development versions 12.2.13 through 12.2.14
Description: The issue is related to weaknesses in the authorization procedure of the Quality Manager Specification component in Oracle Process Manufacturing...

CVSS 8.5 · AI score 8.2 · EPSS 0.00422 · Exploits 0 · References 7
RedHat Linux · added 2023/12/04 6:02 p.m. · 6 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
RedHat Linux · added 2023/12/04 6:01 p.m. · 3 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
SUSE CVE · added 2023/12/01 2:19 a.m. · 6 views

SUSE CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request, e.g. to insert a new header or create a new HTTP request, if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 4 · AI score 8 · EPSS 0.00874 · Exploits 1 · References 5
RedHat Linux · added 2023/11/16 5:56 a.m. · 10 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
RedHat Linux · added 2023/11/08 2:26 p.m. · 4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
RedHat Linux · added 2023/11/08 1:10 a.m. · 4 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 9
BDU FSTEC · added 2023/11/01 12:00 a.m. · 7 views

Vulnerability in the HTTP/1.1 client and the Node.js software platform, allowing an attacker to expose protected information

The vulnerability in the HTTP/1.1 client and the Node.js software platform is caused by insufficient protection of sensitive data. Exploiting it can allow a remote attacker to disclose sensitive information...

CVSS 4 · AI score 6.4 · EPSS 0.01223 · Exploits 0 · References 11 · Affected Software 5
OSV · added 2023/10/23 7:15 a.m. · 1 view

ALPINE-CVE-2023-43622

An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 · AI score 6.8 · EPSS 0.70595 · Exploits 0 · References 1
OSV · added 2023/10/20 3:59 p.m. · 11 views

CLSA-2023-1697817547 nginx: Fix of CVE-2023-44487

CVE-2023-44487: HTTP/2 - per-iteration stream handling limit...

CVSS 7.5 · AI score 6.9 · EPSS 0.99999 · Exploits 19 · References 1
RedHat Linux · added 2023/10/20 2:54 p.m. · 5 views

golang: net/http: insufficient sanitization of Host header

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacke...

CVSS 6.5 · AI score 6.9 · EPSS 0.0125 · Exploits 0 · References 5
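The aiohttp entry (SUSE CVE-2023-49081, attacker-controlled HTTP version) and the Go net/http entry just above (attacker-controlled Host header) are the same bug class: a value is interpolated into the request head without rejecting CR, LF and the other bytes that end a header line, so the attacker terminates the line early and appends headers or a second request. The Go program below is an added example written for this page; it is not the code of aiohttp, of Go's net/http, or of Red Hat or SUSE. It shows the unsafe serialization beside a version that validates the HTTP-version token (DIGIT "." DIGIT, the grammar of RFC 9112) and the Host value before they reach the request head. The function names, the allow-list used for Host, and the injected "X-Injected" header are assumptions made for the example; method and path are left unvalidated because neither entry concerns them.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrInvalidField is returned when a caller-supplied value may not be placed
// into the request head verbatim. (Name is an assumption for this example.)
var ErrInvalidField = errors.New("request-head field contains a forbidden character")

// BuildRequestUnsafe interpolates caller-controlled values straight into the
// request line and Host header. If version or host carries "\r\n", the
// attacker ends the line early and appends headers (or a second request).
func BuildRequestUnsafe(method, path, version, host string) string {
	return method + " " + path + " HTTP/" + version + "\r\nHost: " + host + "\r\n\r\n"
}

// ValidVersion accepts exactly DIGIT "." DIGIT, the HTTP-version grammar of
// RFC 9112, so "1.1" passes and "1.1\r\nX: y" does not.
func ValidVersion(v string) bool {
	return len(v) == 3 &&
		v[0] >= '0' && v[0] <= '9' &&
		v[1] == '.' &&
		v[2] >= '0' && v[2] <= '9'
}

// ValidHost allows hostname characters, IPv6 brackets and an optional port.
// Everything else, in particular whitespace and control bytes, is rejected.
// This allow-list is deliberately stricter than the URI grammar; it is an
// assumption chosen for the example, not a rule taken from either project.
func ValidHost(host string) bool {
	if host == "" {
		return false
	}
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case c == '.', c == '-', c == ':', c == '[', c == ']':
		default:
			return false
		}
	}
	return true
}

// BuildRequest is the hardened form: validate, then serialize.
func BuildRequest(method, path, version, host string) (string, error) {
	if !ValidVersion(version) || !ValidHost(host) {
		return "", ErrInvalidField
	}
	return BuildRequestUnsafe(method, path, version, host), nil
}

// HeaderLines splits a serialized head back into its header lines, which is
// how a receiving server would see an injected line.
func HeaderLines(head string) []string {
	head = strings.TrimSuffix(head, "\r\n\r\n")
	lines := strings.Split(head, "\r\n")
	return lines[1:] // drop the request line
}

func main() {
	// Constructed attacker input: a Host value carrying a CRLF and a new header.
	injected := "example.com\r\nX-Injected: 1"
	fmt.Printf("unsafe: %q\n", HeaderLines(BuildRequestUnsafe("GET", "/", "1.1", injected)))
	// unsafe: ["Host: example.com" "X-Injected: 1"]
	if _, err := BuildRequest("GET", "/", "1.1", injected); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

The receiving side never sees the difference between a header the client meant to send and one that arrived through the Host value, which is why the check has to happen before serialization, on the field itself, rather than on the assembled bytes.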
BDU FSTEC · added 2023/10/20 12:00 a.m. · 5 views

Vulnerability in the UI components of the Oracle Enterprise Command Center Framework allows an attacker to read, modify, or delete data

The vulnerability in the UI components of the Oracle Enterprise Command Center Framework is caused by insufficient validation of input data. Exploiting it can allow an attacker to read, modify, or delete data over the HTTP network protocol...

CVSS 6.4 · AI score 6.3 · EPSS 0.00347 · Exploits 0 · References 4 · Affected Software 1
OSV · added 2023/10/19 3:57 p.m. · 5 views

USN-6427-2 dotnet8 vulnerability

USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Original advisory details: It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 · AI score 6.8 · EPSS 0.99999 · Exploits 19 · References 2
RedHat Linux · added 2023/10/18 10:16 a.m. · 3 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
RedHat Linux · added 2023/10/18 3:19 a.m. · 3 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 9
RedHat Linux · added 2023/10/17 9:23 a.m. · 4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 · AI score 6.7 · EPSS 0.99999 · Exploits 19 · References 10
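The Rapid Reset entries in this list (the Red Hat HTTP/2 and golang advisories for CVE-2023-44487, the Ubuntu Kestrel advisory, and the CloudLinux nginx fix described as a per-iteration stream handling limit) all describe one mechanism: the client opens a stream with HEADERS and cancels it at once with RST_STREAM, so the server pays the setup and teardown cost while the cancelled stream never counts against the concurrent-stream limit. The Go program below is an added example written for this page and is not code from Red Hat, Ubuntu, CloudLinux, nginx or the Go project. It implements the shape of the mitigation those advisories share: a per-connection budget of RST_STREAM frames inside a sliding time window, after which the connection is closed, fed with a constructed frame log. The frame-event struct, the 100 ms window, the budget of 20 resets, and the two sample clients are all assumptions made for the example; real servers tune these values differently.

```go
package main

import (
	"fmt"
	"time"
)

// FrameType is the subset of HTTP/2 frame types the tracker looks at.
type FrameType int

const (
	FrameHeaders   FrameType = iota // client opens a new stream
	FrameRSTStream                  // client cancels that stream
)

// Event is one frame seen on a connection. The feed is constructed for this
// example; a real server would produce it from its frame reader.
type Event struct {
	Conn string
	Type FrameType
	At   time.Time
}

// ResetTracker keeps, per connection, the timestamps of RST_STREAM frames
// seen inside the last window. Exceeding limit closes the connection.
// The window/limit policy is an assumption for this example, not a vendor's.
type ResetTracker struct {
	window time.Duration
	limit  int
	resets map[string][]time.Time
	closed map[string]bool
}

func NewResetTracker(window time.Duration, limit int) *ResetTracker {
	return &ResetTracker{
		window: window,
		limit:  limit,
		resets: make(map[string][]time.Time),
		closed: make(map[string]bool),
	}
}

// Observe feeds one frame and reports whether the connection may continue.
// Only RST_STREAM frames consume budget: the attack keeps the number of open
// streams low, so it is visible in the reset rate, not the stream count.
func (t *ResetTracker) Observe(e Event) bool {
	if t.closed[e.Conn] {
		return false
	}
	if e.Type != FrameRSTStream {
		return true
	}
	cutoff := e.At.Add(-t.window)
	times := t.resets[e.Conn]
	// Drop resets that fell out of the window. Timestamps arrive in order
	// per connection, so the stale ones are always a prefix.
	i := 0
	for i < len(times) && !times[i].After(cutoff) {
		i++
	}
	times = append(times[i:], e.At)
	if len(times) > t.limit {
		t.closed[e.Conn] = true
		delete(t.resets, e.Conn)
		return false
	}
	t.resets[e.Conn] = times
	return true
}

// ClosedConnections runs a whole feed through a tracker and returns the
// connections it closed.
func ClosedConnections(events []Event, window time.Duration, limit int) map[string]bool {
	t := NewResetTracker(window, limit)
	for _, e := range events {
		t.Observe(e)
	}
	return t.closed
}

// SampleEvents is a constructed feed: one well-behaved client that cancels a
// single request, and one client doing 50 open-and-reset pairs in 10 ms.
func SampleEvents() []Event {
	base := time.Date(2023, 10, 10, 12, 0, 0, 0, time.UTC)
	var ev []Event
	for i := 0; i < 3; i++ {
		ev = append(ev, Event{"legit", FrameHeaders, base.Add(time.Duration(i) * time.Millisecond)})
	}
	ev = append(ev, Event{"legit", FrameRSTStream, base.Add(5 * time.Millisecond)})
	for i := 0; i < 50; i++ {
		at := base.Add(time.Duration(i) * 200 * time.Microsecond)
		ev = append(ev, Event{"attacker", FrameHeaders, at}, Event{"attacker", FrameRSTStream, at})
	}
	return ev
}

func main() {
	closed := ClosedConnections(SampleEvents(), 100*time.Millisecond, 20)
	fmt.Println("closed connections:", closed) // map[attacker:true]
}
```

The check is cheap because it runs only on RST_STREAM frames and keeps at most limit timestamps per connection; the trade-off is that a legitimate client which genuinely cancels many requests quickly (for example, a browser abandoning a page) is cut off too, which is why the budget should sit well above observed benign reset rates.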