11 matches found
K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325
Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...
Fedora 40 : doctl (2023-72ab10f1de)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-72ab10f1de advisory. Automatic update for doctl-1.101.0-2.fc40. Changelog Sat Dec 9 2023 Mikel Olasagasti Uranga - Update to 1.101.0 - Closes rhbz2253730 rhbz2248265 Tenable has...
RHCOS 4 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5679 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...
Fedora 38 : golang-github-facebook-time (2024-f99ecead66)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f99ecead66 advisory. Security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 39 : golang-x-net (2024-5d8e87ec66)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d8e87ec66 advisory. update to v0.20.0 for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 38 : golang-x-net (2024-0ac454dafc)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0ac454dafc advisory. update to v0.20.0 for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CentOS 7 : rhc-worker-script enhancement and (RHSA-2023:5835)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5835 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
Fedora 39 : prometheus-podman-exporter (2023-b75ee820ce)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b75ee820ce advisory. release v1.5.0 + security fix for CVE-2023-39325 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Amazon Linux 2 : cni-plugins (ALAS-2023-2325)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2325 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
AlmaLinux 9 : grafana (ALSA-2023:5867)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5867 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
AlmaLinux 8 : grafana (ALSA-2023:5863)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5863 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...