9 matches found
CVE-2024-53270 HTTP/1: sending overload crashes when the request is reset beforehand in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch is configured. If active_request is nullptr, only onMessageBeginImpl is called. However, the...
K97045220: BIG-IP LTM HTTP/2 desync attacks: malicious CRLF placement security exposure
Security Advisory Description: Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks; K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks; K63312282: BIG-IP LTM HTTP/2 desync...
Cross-Site Request Forgery (CSRF)
github.com/mittwald/kube-httpcache is vulnerable to cross-site request forgery. The vulnerability exists when the HTTP/2 protocol is turned on, allowing an attacker to introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the...
varnish -- HTTP/2 Request Forgery Vulnerability
Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server t...
Denial Of Service (DoS)
Varnish Cache is vulnerable to denial of service. A remote attacker is able to crash the application by sending malicious HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, resulting in a denial of service condition...
Moderate: varnish:6 security, bug fix, and enhancement update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: varnish 6.0.6. BZ1795673...
Security update for varnish (moderate)
openSUSE Security Update: Security update for varnish. Announcement ID: openSUSE-SU-2019:2221-1; Rating: moderate; References: 1149382; Cross-References: CVE-2019-15892; Affected Products: openSUSE Backports SLE-15-SP1, openSUSE Backports SLE-15. An update that fixes one vulnerability is now available...
openSUSE: Security Advisory for varnish (openSUSE-SU-2019:2184-1)
The remote host is missing an update for the...
openSUSE Security Update : varnish (openSUSE-2019-2184)
This update for varnish fixes the following issues: Security issue fixed: - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests (boo#1149382). Non-security issues fixed: - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart th...