HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Denial Of Service (DoS)

directus is vulnerable to Denial Of Service DoS. The vulnerability exists because invalid websocket frames are not properly handled which allows an attacker to crash the application...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Directus Security Vulnerabilities

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus that stems from the fact that any Websocket-enabled Directus installation may crash if the Websocket server receives invalid frames...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

DEBIAN-CVE-2023-39456

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

Input validation

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

UBUNTU-CVE-2023-39456

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

CVE-2023-39456 Apache Traffic Server: Malformed http/2 frames can cause an abort

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

CVE-2023-39456 Apache Traffic Server: Malformed http/2 frames can cause an abort

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

CVE-2023-39456

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

PT-2023-26958 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.0.0 through 9.2.2 Description: The issue is related to an Improper Input Validation vulnerability in Apache Traffic Server, specifically with malformed HTTP/2 frames. Users are recommended to upgrade to a fixe...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Ubuntu 18.04 ESM : Netty vulnerabilities (USN-4866-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4866-1 advisory. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. CVE-2019-9512,...

AZL-31567 CVE-2023-45871 affecting package kernel for versions less than 5.15.135.1-2

An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 6.5.3, which stems from a buffer size that may be insufficient for frames larger than the MTU...

PT-2023-6292

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.58 Description The issue is related to the handling of HTTP/2 streams in the Apache HTTP Server. When a client resets an HTTP/2 stream using an RST frame, there is a time window where the request's memo...