Lucene search
K

1354 matches found

RedHat Linux
RedHat Linux
added 2020/06/22 12:28 p.m.4 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5.3CVSS7AI score0.193EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/06/11 6:50 a.m.0 views

nghttp2: overly large SETTINGS frames can lead to DoS

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

7.5CVSS7.2AI score0.05316EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.5 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2020/05/13 12:0 a.m.3 views

The vulnerability of the hpack_dht_insert function in the HAProxy networking software library, located in the hpack-tbl.c file, allows for unauthorized access to confidential data by exceeding the allowed buffer size. This vulnerability enables attackers to cause service failures or compromise data integrity.

The vulnerability of the hpackdhtinsert function in the HAProxy networking software library is related to the execution of operations within acceptable buffer data limits. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failure...

9CVSS7.7AI score0.60727EPSS
Exploits0References9Affected Software7
CNVD
CNVD
added 2020/05/07 12:0 a.m.2 views

F5 BIG-IP Input Validation Error Vulnerability (CNVD-2020-36273)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An input validation error vulnerability exists in F5 BIG-IP versions 15.1.0 through 15.1.0.1, 15.0.0 through 15.0.1.2, and...

7.5CVSS6.7AI score0.0124EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/05/04 10:18 a.m.3 views

haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS5.8AI score0.03955EPSS
Exploits0References4
OSV
OSV
added 2020/04/30 8:15 p.m.2 views

CVE-2020-5871

On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...

7.5CVSS5.8AI score0.01044EPSS
Exploits0References1
OSV
OSV
added 2020/04/27 10:15 p.m.2 views

UBUNTU-CVE-2020-9481

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...

7.5CVSS7.1AI score0.02387EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/04/10 12:0 a.m.4 views

The vulnerability of the HTTP/2 module of the Apache Traffic Server allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the HTTP/2 module in the Apache Traffic Server exists due to improper handling of HTTP/2 requests. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data...

7.8CVSS7.3AI score0.04561EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/04/07 7:44 p.m.3 views

haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS5.8AI score0.03955EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/06 7:9 p.m.4 views

httpd: read-after-free in h2 connection shutdown

A read-after-free vulnerability was discovered in Apache httpd, in modhttp2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash...

9.1CVSS6.7AI score0.16549EPSS
Exploits0References5
OSV
OSV
added 2020/04/02 3:15 p.m.1 views

DEBIAN-CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...

8.8CVSS8.5AI score0.60727EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/03/26 3:46 p.m.7 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/03/23 8:21 a.m.2 views

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.25448EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/03/23 8:21 a.m.1 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2020/02/25 12:0 a.m.14 views

PT-2020-6587

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...

9.1CVSS8.2AI score0.99999EPSS
Exploits28References832
RedHat Linux
RedHat Linux
added 2019/12/17 12:56 p.m.4 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/12/11 9:29 p.m.31 views

envoy: an untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents leading to a query-of-death scenario or may be used to bypass Envoy's...

9.8CVSS5.8AI score0.02502EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2019/12/02 5:21 p.m.2 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/12/02 5:4 p.m.2 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
Rows per page
Query Builder