13 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-37890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to...
CLSA-2024-1716915132 httpd: Fix of CVE-2024-27316
CVE-2024-27316: fix HTTP/2 DoS vulnerability caused by memory exhaustion from endless continuation frames: Incoming headers that exceed limits are buffered in nghttp2 to generate an HTTP 413 response...
AZL-38608 CVE-2023-45288 affecting package libcontainers-common for versions less than 20240213-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
Allocation of Resources Without Limits or Throttling
Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an...
Curl 安全漏洞
Curl is a tool for transferring data from or to a server. A security vulnerability exists in Curl versions 7.44.0 through 8.6.0 that stems from allowing HTTP/2 pushes. libcurl aborts server pushes when the number of received push headers exceeds the maximum allowable limit 1000, which, when...
ALPINE-CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...
Allocation of Resources Without Limits or Throttling
Overview std/mime/multipart is a Go standard library package std/mime/multipart Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Multipart form parsing can consume large amounts of CPU and memory when processing for...
SUSE CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
UBUNTU-CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
Scientific Linux Security Update : tomcat6 on SL6.x (20120411)
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time b...
Moderate: Red Hat Security Advisory: tomcat6 security update
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
IBM WebSphere DoS
There is no limit for HTTP headers...