Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.12 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.6AI score0.00181EPSS
Exploits0References1
Circl
Circl
added 2024/01/04 8:41 a.m.7 views

CVE-2023-41337

creationtimestamp| type| source ---|---|--- 2024-01-04 08:41:37+00:00| seen| https://t.me/ctinow/162839...

6.7CVSS6.3AI score0.00181EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/12/12 8:15 p.m.28 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

3.8CVSS6.9AI score0.00181EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/12/12 8:15 p.m.28 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.6AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/12 7:42 p.m.37 views

CVE-2023-41337 h2o vulnerable to TLS session resumption misdirection

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/12/12 7:42 p.m.34 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.5AI score0.00181EPSS
Exploits0
CVE
CVE
added 2023/12/12 7:42 p.m.85 views

CVE-2023-41337

Summary: CVE-2023-41337 affects the H2O HTTP server prior to 2.3.0-beta2 when configured to listen on multiple addresses/ports with backend servers from multiple entities. A malicious backend that can observe/inject client–server packets may misdirect TLS session resumption, causing HTTPS request...

6.7CVSS6.3AI score0.00181EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder