
1355 matches found

Positive Technologies
Added 2022/08/10 12:00 a.m. · 2 views

PT-2022-17498 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to an Improper Input Validation vulnerability in the HTTP/2 request validation of Apache Traffic Server. This allows an attacker to create smuggle or cache...

CVSS 7.5 · AI score 7.2 · EPSS 0.01886
Exploits 0 · References 26
Positive Technologies
Added 2022/08/10 12:00 a.m. · 3 views

PT-2022-20925 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 9.1.2 Description: The issue is related to improper input validation in HTTP/2 header parsing, allowing an attacker to smuggle requests. Recommendations: For Apache Traffic Server versions 8.0.0...

CVSS 7.5 · AI score 6.1 · EPSS 0.01886
Exploits 0 · References 28
OSV
Added 2022/08/04 6:15 p.m. · 5 views

CVE-2022-35236

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS)...

CVSS 7.5 · AI score 5.8 · EPSS 0.00668
Exploits 0 · References 1
ATTACKERKB
Added 2022/08/03 2:00 p.m. · 2 views

CVE-2022-35236

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS)...

CVSS 7.5 · AI score 5.8 · EPSS 0.00668
Exploits 0 · References 2 · Affected Software 1
CNNVD
Added 2022/08/03 12:00 a.m. · 4 views

F5 BIG-IP Resource Management Error Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP2 profile, which stems from the fact that when configuring the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00668
Exploits 0 · References 3
Positive Technologies
Added 2022/07/15 12:00 a.m. · 2 views

PT-2022-10741 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.2.15 Final Description: A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 · AI score 7.2 · EPSS 0.01287
Exploits 0 · References 19
RedHat Linux
Added 2022/07/07 2:19 p.m. · 1 view

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 · AI score 5.7 · EPSS 0.01287
Exploits 0 · References 4
RedHat Linux
Added 2022/07/07 2:19 p.m. · 3 views

tomcat: Request mix-up with h2c

A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest threat from this...

CVSS 7.5 · AI score 6.8 · EPSS 0.18114
Exploits 1 · References 8
RedHat Linux
Added 2022/07/05 2:41 p.m. · 3 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9 · AI score 7.1 · EPSS 0.04935
Exploits 0 · References 5
OSV
Added 2022/06/01 6:00 p.m. · 4 views

CLSA-2022-1654106434 Fixed CVEs in httpd-39.module_el8.4.0+2047+54659116.1.tuxcare.els5: CVE-2020-35452, CVE-2021-33193

CVE-2020-35452: mod_auth_digest: fix a single zero byte stack overflow 1968278 - CVE-2021-33193: fix request splitting via HTTP/2 method injection and mod_proxy 1972491...

CVSS 7.5 · AI score 6.8 · EPSS 0.53191
Exploits 1 · References 1
OSV
Added 2022/05/24 7:15 p.m. · 1 view

DEBIAN-CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to...

CVSS 5.9 · AI score 6.5 · EPSS 0.01061
Exploits 0 · References 1
OSV
Added 2022/05/24 7:15 p.m. · 1 view

DEBIAN-CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final a...

CVSS 5.9 · AI score 6.2 · EPSS 0.01175
Exploits 0 · References 1
ATTACKERKB
Added 2022/05/24 7:15 p.m. · 2 views

CVE-2021-3597

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to...

CVSS 5.9 · AI score 5.4 · EPSS 0.01061
Exploits 0 · References 3
OSV
Added 2022/05/24 7:15 p.m. · 1 view

UBUNTU-CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final a...

CVSS 5.9 · AI score 6.6 · EPSS 0.01175
Exploits 0 · References 3
Snyk
Added 2022/05/24 5:38 p.m. · 1 view

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to the way the Kestrel web...

CVSS 7.5 · AI score 7 · EPSS 0.04908
Exploits 0 · References 2
Snyk
Added 2022/05/24 5:38 p.m. · 4 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to the way the Kestrel web...

CVSS 7.5 · AI score 7.7 · EPSS 0.04908
Exploits 0 · References 2
Snyk
Added 2022/05/24 5:38 p.m. · 2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to the way the Kestrel web...

CVSS 7.5 · AI score 7 · EPSS 0.04908
Exploits 0 · References 2
RedHat Linux
Added 2022/04/13 3:33 p.m. · 2 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

CVSS 7.5 · AI score 7.2 · EPSS 0.03958
Exploits 0 · References 5
CNNVD
Added 2022/04/06 12:00 a.m. · 4 views

Red Hat Undertow Resource Management Error Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for the Wildfly Java Application Server. Red Hat Undertow has a security vulnerability stemming from a potential issue in HTTP/2 flow control that could lead to DoS...

CVSS 7.5 · AI score 7 · EPSS 0.01033
Exploits 0 · References 9
RedHat Linux
Added 2022/03/24 3:21 p.m. · 1 view

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

CVSS 7.5 · AI score 7.2 · EPSS 0.03958
Exploits 0 · References 5