
1354 matches found

OSV
added 2019/04/04 3:8 p.m. · 3 views

USN-3937-1 apache2 vulnerabilities

Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. CVE-2019-0211 It was discovered that the Apache HTTP Server HTTP...

7.8 CVSS · 7.1 AI score · 0.65005 EPSS
Exploits 8 · References 7
OSV
added 2019/03/21 4:0 p.m. · 1 views

DEBIAN-CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

7.5 CVSS · 6.2 AI score · 0.04459 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/03/20 12:0 a.m. · 8 views

PT-2019-3015

Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations (affected versions not specified); nginx (affected versions not specified); Node.js (affected versions not specified); Apache HTTP Server (affected versions not specified); Windows (affected versions not specified). Description: The iss...

9.8 CVSS · 9 AI score · 0.99999 EPSS
Exploits 90 · References 433
Positive Technologies
added 2019/03/20 12:0 a.m. · 9 views

PT-2019-3473 · Apache +8 · Apache Traffic Server +9

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server (affected versions not specified); Apache HTTP Server (affected versions not specified); Node.js (affected versions not specified). Description: The issue is related to errors in the mechanism controlli...

9.8 CVSS · 6.5 AI score · 0.96436 EPSS
Exploits 106 · References 722
RedHat Linux
added 2019/03/14 7:58 a.m. · 5 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS · 6.7 AI score · 0.04459 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2019/03/12 12:0 a.m. · 3 views

The vulnerability of the HTTP/2 server implementation in nginx allows an attacker to trigger a service failure.

The vulnerability of the HTTP/2 server implementation based on nginx is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.8 CVSS · 6.6 AI score · 0.124 EPSS
Exploits 0 · References 3 · Affected Software 2
RedHat Linux
added 2019/02/20 2:11 p.m. · 7 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS · 6.7 AI score · 0.04459 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/02/18 4:58 p.m. · 7 views

httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.18-2.4.30, 2.4.33...

7.5 CVSS · 7.3 AI score · 0.17103 EPSS
Exploits 0 · References 5
RedHat Linux
added 2019/02/18 4:55 p.m. · 11 views

httpd: Use-after-free on HTTP/2 stream shutdown

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

5.9 CVSS · 7.2 AI score · 0.13436 EPSS
Exploits 0 · References 5
RedHat Linux
added 2019/02/05 8:26 a.m. · 3 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS · 6.7 AI score · 0.04459 EPSS
Exploits 0 · References 4
Positive Technologies
added 2019/01/29 12:0 a.m. · 9 views

PT-2019-3932 · Apache +7 · Apache Http Server +7

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.34 through 2.4.38. Description: A vulnerability was found in the implementation of the HTTP/2 protocol in the Apache HTTP Server. The issue is related to the handling of HTTP requests. When HTTP/2 was enabled fo...

9.1 CVSS · 6.8 AI score · 0.81466 EPSS
Exploits 14 · References 160
CNVD
added 2019/01/02 12:0 a.m. · 2 views

Proxygen Denial of Service Vulnerability (CNVD-2019-00956)

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook. A security vulnerability exists in the handling of invalid HTTP2 priority settings in Facebook Proxygen versions prior to 2018.12.31.00. An attacker can exploit this vulnerability to cause a denial...

7.5 CVSS · 6.6 AI score · 0.0137 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/12/31 12:0 a.m. · 4 views

PT-2018-17493 · Facebook · Proxygen

Name of the Vulnerable Software and Affected Versions: Proxygen versions prior to 2018.12.31.00. Description: A potential denial-of-service issue exists due to the handling of invalid HTTP2 priority settings, specifically a circular dependency, in Proxygen. Recommendations: For versions prior to...

7.5 CVSS · 7.4 AI score · 0.0137 EPSS
Exploits 0 · References 4
OSV
added 2018/12/03 2:29 p.m. · 1 views

UBUNTU-CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

5.9 CVSS · 6.2 AI score · 0.01086 EPSS
Exploits 0 · References 3
RedHat Linux
added 2018/11/27 9:4 a.m. · 4 views

nginx: Excessive CPU usage via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

7.8 CVSS · 7.4 AI score · 0.124 EPSS
Exploits 0 · References 5
RedHat Linux
added 2018/11/27 9:4 a.m. · 8 views

nginx: Excessive memory consumption via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.8 CVSS · 7.4 AI score · 0.47057 EPSS
Exploits 0 · References 5
CNVD
added 2018/11/27 12:0 a.m. · 17 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-25796)

Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server. A remote attacker can exploit this vulnerability by sending ...

7.5 CVSS · 7.5 AI score · 0.17103 EPSS
Exploits 0 · References 1
RedHat Linux
added 2018/11/26 12:27 p.m. · 3 views

nginx: Excessive memory consumption via flaw in HTTP/2 implementation

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.8 CVSS · 7.4 AI score · 0.47057 EPSS
Exploits 0 · References 5
OSV
added 2018/11/07 3:1 p.m. · 2 views

USN-3812-1 nginx vulnerabilities

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...

8.2 CVSS · 6.8 AI score · 0.47057 EPSS
Exploits 1 · References 4
OSV
added 2018/11/07 2:29 p.m. · 3 views

ALPINE-CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...

7.5 CVSS · 6.9 AI score · 0.47057 EPSS
Exploits 0 · References 1