Lucene search
K

1355 matches found

OSV
OSV
added 2021/06/30 8:15 a.m.0 views

UBUNTU-CVE-2021-32567

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

7.5CVSS5.8AI score0.02447EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.4 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server or ATS or TS for short , is a high-performance , modular HTTP proxy and caching server . An improper input validation vulnerability exists in HTTP/2 in Apache Traffic Server versions 7.0.0 - 7.1.12, 8.0.0 - 8.1.1, 9.0.0 - 9.0.1. An attacker could exploit this vulnerability t...

7.5CVSS5.7AI score0.02515EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.12 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server or ATS or TS for short , is a high-performance , modular HTTP proxy and caching server . An improper input validation vulnerability exists in HTTP/2 in Apache Traffic Server versions 7.0.0 - 7.1.12, 8.0.0 - 8.1.1, 9.0.0 - 9.0.1. An attacker could exploit this vulnerability t...

7.5CVSS5.7AI score0.02447EPSS
Exploits0References6
OSV
OSV
added 2021/06/29 7:18 p.m.5 views

USN-4866-1 netty vulnerabilities

It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518...

7.8CVSS7.1AI score0.87806EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2021/06/06 12:0 a.m.5 views

All versions of Node.js 8.x 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.

...

7.8CVSS9.3AI score0.07855EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.8 views

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

5.9CVSS7.4AI score0.18891EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/05/20 12:0 a.m.4 views

PT-2021-18151 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy version 1.14.0 Description: An issue was discovered that allows for a remotely exploitable crash for HTTP2 Metadata. This occurs because an empty METADATA map triggers a Reachable Assertion. Recommendations: For Envoy version 1.14.0, at...

7.5CVSS7.3AI score0.01738EPSS
Exploits0References14
OSV
OSV
added 2021/05/14 1:15 a.m.6 views

CVE-2021-31922

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...

7.5CVSS5.8AI score0.00973EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2021/04/22 9:3 a.m.2 views

envoyproxy/envoy: crash with empty HTTP/2 metadata map

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.01738EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.14 views

PT-2021-3712 · Apache +3 · Apache Http Server +4

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47 mod http2 version 1.15.17 Description: The issue is related to the HTTP/2 protocol handler in the Apache HTTP Server, which checks received request headers against size limitations. If these restrictions are...

9.8CVSS6.4AI score0.81466EPSS
Exploits4References97
RedHat Linux
RedHat Linux
added 2021/03/31 9:38 a.m.2 views

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

5.9CVSS7.4AI score0.18891EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.6 views

The vulnerability of the mod_http2 module in the Apache HTTP Server, related to the assignment of the zero pointer, allows a hacker to trigger a denial-of-service attack.

The vulnerability of the modhttp2 module in the Apache HTTP Server is related to incorrect handling of HTTP/2 requests. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS6.8AI score0.53939EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.3 views

The vulnerability of the HTTP/2 stream in the Apache HTTP Server, related to pointer dereferencing errors, allows attackers to cause a service failure.

The vulnerability of the HTTP/2 stream in the Apache HTTP Server is related to incorrect writing of the zero pointer. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

5.3CVSS6.8AI score0.13436EPSS
Exploits0References10Affected Software4
RedHat Linux
RedHat Linux
added 2021/03/15 2:59 p.m.1 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/09 12:0 a.m.4 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environmental issue vulnerability that stems from requests being converted to HTTP 1.1 objects when pass...

5.9CVSS6.5AI score0.18891EPSS
Exploits0References128
RedHat Linux
RedHat Linux
added 2021/03/08 10:36 a.m.2 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/08 10:31 a.m.7 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/08 10:27 a.m.2 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/08 10:23 a.m.3 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/04 4:3 p.m.3 views

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

7.8CVSS7.3AI score0.77385EPSS
Exploits0References4
Rows per page
Query Builder