httpd: NULL pointer dereference via crafted request during HTTP/2 request processing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

PT-2022-24859 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.8.8 Traefik versions prior to 2.9.0-rc5 Description: There is a potential issue in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. Thi...

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

...

PT-2022-4659

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 Description The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

PT-2022-13755 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A flaw was found in Undertow, related to flow control handling by the browser over HTTP/2, which may cause overhead or a denial of service in the server. This issue is due to an incomplete...

DEBIAN-CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

netty: possible request smuggling in HTTP/2 due missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

CVE-2022-29631

Removed by vendor...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel web...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS due to the way the Kestrel...

GHSA-68G5-8Q7F-M384 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

PT-2022-13302 · Apple · Swift-Nio-Http2

Name of the Vulnerable Software and Affected Versions: swift-nio-http2 versions 1.0.0 through 1.19.2 Description: A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logic...

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

PT-2022-1791 · Microsoft +5 · Net 5.0 +7

Name of the Vulnerable Software and Affected Versions: .NET 6.0 versions 6.0.0 through 6.0.1 .NET 5.0 versions 5.0.0 through 5.0.13 Description: A Denial of Service issue exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. This is due to...

varnish: HTTP/1 request smuggling vulnerability

A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...

CVE-2022-23959

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise Cache Plus 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections...

Exploit for CVE-2022-21907

CVE-2022-21907 This package will detect exploits of CVE-202...

haproxy: does not ensure that the scheme and path portions of a URI have the expected characters

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

AZL-33641 CVE-2021-44716 affecting package rook for versions less than 1.6.2-19

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

UBUNTU-CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...