Lucene search
K

64 matches found

CVE
CVE
added 6 days ago6 views

CVE-2026-59803

The CVE-2026-59803 entry concerns rpcx (up to version 1.9.3) with a denial-of-service flaw in protocol.Message.Decode. When a message carries the compression flag, payloads are gzip-decompressed via util.Unzip without a decompressed-size limit; MaxMessageLength is checked only against the compres...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago4 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added last week7 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Oracle Linux 9 : mod_http2 (ELSA-2026-22551)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22551 advisory. - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the...

7.5CVSS5.9AI score0.11471EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Oracle Linux 9 : mod_http2 (ELSA-2026-25057)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-25057 advisory. - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the...

7.5CVSS5.9AI score0.11471EPSS
Exploits8References2
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
Rockylinux
Rockylinux
added 2026/06/13 12:5 a.m.17 views

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top o...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
OSV
OSV
added 2026/06/13 12:5 a.m.13 views

RLSA-2026:25225 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References2
Rockylinux
Rockylinux
added 2026/06/13 12:3 a.m.18 views

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

RockyLinux 10 : mod_http2 (RLSA-2026:25225)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25225 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

7.5CVSS5.9AI score0.11471EPSS
Exploits8References3
RedHat Linux
RedHat Linux
added 2026/06/11 10:46 a.m.20 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
OSV
OSV
added 2026/06/11 12:1 a.m.11 views

RLSA-2026:25090 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References2
Rockylinux
Rockylinux
added 2026/06/11 12:1 a.m.46 views

httpd:2.4 security update

An update is available for modhttp2, module.modmd, module.modhttp2, modmd, module.httpd, httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
OSV
OSV
added 2026/06/11 12:0 a.m.10 views

ALSA-2026:25225 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.33 views

RockyLinux 8 : httpd:2.4 (RLSA-2026:25090)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25090 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.20 views

RHEL 10 : mod_http2 (RHSA-2026:25225)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25225 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remot...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2026/06/10 4:54 p.m.19 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/10 11:31 a.m.11 views

httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are th...

7.5CVSS7.1AI score0.11471EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2026/06/10 11:31 a.m.37 views

Important: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References2
Rows per page
Query Builder