Lucene search
K

1354 matches found

RedHat Linux
RedHat Linux
added 2019/12/02 5:4 p.m.3 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OSV
OSV
added 2019/11/27 10:15 p.m.3 views

CVE-2019-6673

On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel TMM...

7.5CVSS7.1AI score0.01014EPSS
Exploits0References1
OSV
OSV
added 2019/11/27 4:15 p.m.1 views

DEBIAN-CVE-2019-19330

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS8.1AI score0.03955EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/20 4:22 p.m.7 views

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS7.1AI score0.19404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.0 views

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS7.1AI score0.19404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.3 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5.3CVSS7AI score0.193EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.4 views

The vulnerability of the HTTP/2 web server protocol of the Apache Traffic Server, a Node.js-based software platform, stems from a lack of resource consumption control mechanisms. This allows attackers to trigger service interruptions.

The vulnerability of the HTTP/2 web server protocol of the Apache Traffic Server, a Node.js-based software platform, is related to errors in the resource consumption control mechanism. Exploiting this vulnerability can allow an attacker to cause service interruptions through a specially crafted...

7.8CVSS5.5AI score0.27004EPSS
Exploits0References16Affected Software6
RedHat Linux
RedHat Linux
added 2019/10/02 2:29 p.m.2 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/10/02 2:29 p.m.2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/10/02 2:29 p.m.2 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/10/01 1:40 p.m.4 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.7 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/09/30 3:15 p.m.4 views

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

7.8CVSS7.2AI score0.27004EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/09/19 7:37 a.m.2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/09/19 2:32 a.m.2 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OSV
OSV
added 2019/09/18 2:8 p.m.4 views

USN-4128-2 tomcat9 vulnerabilities

It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing...

7.5CVSS6.8AI score0.72988EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2019/09/12 6:37 a.m.3 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
OSV
OSV
added 2019/09/10 6:22 p.m.5 views

USN-4128-1 tomcat8 vulnerabilities

It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. CVE-2019-0221 It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing...

7.5CVSS6.8AI score0.72988EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2019/09/09 8:13 p.m.1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
OSV
OSV
added 2019/08/29 10:31 p.m.2 views

USN-4113-1 apache2 vulnerabilities

Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service daemon crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04...

9.1CVSS7.1AI score0.81466EPSS
Exploits6References8
Rows per page
Query Builder