K000159034: BIG-IP HTTP/2 vulnerability CVE-2026-42409

Security Advisory Description When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. CVE-2026-42409 Impact Traffic is disrupted while...

ROS-20260319-73-0002

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

Exploit for CVE-2025-8671

CVE-2025-8671-vulnerability-POC- CVE-2025-8671 vulnerability P...

MiracleLinux 7 : rh-nginx120-nginx-1.20.1-1.0.2.el7.AXS7 (AXSA:2023-6580:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6580:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

MiracleLinux 8 : nodejs:18 (AXSA:2023-6526:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6526:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Asianux Security Bulletin which...

Security Bulletin: IBM Storage Ceph is vulnerable to CWE in Golang (CVE-2023-39325)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-39325 Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is...

RockyLinux 8 : nodejs:18 (RLSA-2023:5869)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5869 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Rocky Enterprise Software Foundation...

RockyLinux 9 : nodejs:18 (RLSA-2023:5849)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5849 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

Debian dsa-6005 : jetty9 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6005 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6005-1 [email protected] https://www.debian.org/security/...

Debian dsa-6006 : jetty12 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6006 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6006-1 [email protected] https://www.debian.org/security/ Moritz...

Debian dla-4290 : python3-h2 - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4290 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4290-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2025-55163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS...

Improper Resource Shutdown or Release

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP/2 Handler. An attacker can cause a denial of service by sending specially crafted requests that exploit improp...

jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability

A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGSMAXHEADERLISTSIZE parameter...

ROS-20240708-21

Vulnerability in cURL command line utility is due to bugs in protocol removal logic. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain access to protected information Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Apache Tomcat Directory Traversal Vulnerability (CNVD-2017-28315)

Apache Tomcat is a popular open source JSP application server program. Apache Tomcat suffers from a security restriction bypass vulnerability in the HTTP/2 implementation, which allows remote attackers to submit specially crafted requests to bypass security restrictions and conduct unauthorized...