1354 matches found
USN-3937-1 apache2 vulnerabilities
Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. (CVE-2019-0211) It was discovered that the Apache HTTP Server HTTP...
DEBIAN-CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...
PT-2019-3015
Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations (affected versions not specified); nginx (affected versions not specified); Node.js (affected versions not specified); Apache HTTP Server (affected versions not specified); Windows (affected versions not specified). Description: The iss...
PT-2019-3473 · Apache +8 · Apache Traffic Server +9
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server (affected versions not specified); Apache HTTP Server (affected versions not specified); Node.js (affected versions not specified). Description: The issue is related to errors in the mechanism controlli...
haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...
The vulnerability of the HTTP/2 server implementation in nginx allows an attacker to trigger a service failure.
The vulnerability of the HTTP/2 server implementation based on nginx is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...
httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.18-2.4.30, 2.4.33...
httpd: Use-after-free on HTTP/2 stream shutdown
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...
haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...
PT-2019-3932 · Apache +7 · Apache Http Server +7
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.34 through 2.4.38. Description: A vulnerability was found in the implementation of the HTTP/2 protocol in the Apache HTTP Server. The issue is related to the handling of HTTP requests. When HTTP/2 was enabled fo...
Proxygen Denial of Service Vulnerability (CNVD-2019-00956)
Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook. A security vulnerability exists in the handling of invalid HTTP2 priority settings in Facebook Proxygen versions prior to 2018.12.31.00. An attacker can exploit this vulnerability to cause a denial...
PT-2018-17493 · Facebook · Proxygen
Name of the Vulnerable Software and Affected Versions: Proxygen versions prior to 2018.12.31.00. Description: A potential denial-of-service issue exists due to the handling of invalid HTTP2 priority settings, specifically a circular dependency, in Proxygen. Recommendations: For versions prior to...
UBUNTU-CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...
nginx: Excessive CPU usage via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...
nginx: Excessive memory consumption via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-25796)
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server. A remote attacker can exploit this vulnerability by sending ...
nginx: Excessive memory consumption via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...
USN-3812-1 nginx vulnerabilities
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843) Gal...
ALPINE-CVE-2018-16843
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuratio...