32 matches found
CVE-2026-54399
A flaw was found in Apache HttpComponents Core. This uncontrolled resource consumption vulnerability in the HTTP/1.1 message parser allows a remote attacker to cause a denial of service through memory exhaustion. This can be triggered by sending messages with an excessive number of headers or...
DEBIAN-CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
CVE-2025-71031
CVE-2025-71031 affects Water-Melon Melon prior to commit 9df9292. The HTTP component lacks a maximum header length, enabling a crafted header to exhaust RAM and cause a Denial of Service. CVSS v3.1 base score 7.5 (HIGH) with network access, low attack complexity, no privileges required, no user i...
SUSE CVE-2025-52887
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected...
CVE-1999-0393
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers...
SUSE-SU-2025:0299-1 Security update for ignition
This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518...
Medium: dovecot
Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23184 Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Issue...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
PT-2024-5814 · Dovecot +10 · Dovecot Imap Server +10
Name of the Vulnerable Software and Affected Versions: Dovecot IMAP Server versions 2.2 through 2.3.20 Description: The issue is related to the excessive CPU usage caused by a large number of address headers in emails, which can be exploited by external actors to consume system resources and caus...
Important: tomcat
Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
tomcat: Improper Handling of Exceptional Conditions
A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain...
Important: tomcat9
Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...
CVE-2024-34750
CVE-2024-34750 affects Apache Tomcat across multiple lines of the 9.x, 10.x, and 11.x series, where improper handling of HTTP/2 streams leads to miscounting active streams and the use of an infinite timeout, allowing connections to remain open. Root cause: during HTTP/2 processing, Tomcat fails t...