Lucene search
K

456 matches found

RedHat Linux
RedHat Linux
added 2019/11/20 4:22 p.m.2 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.2 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/11/20 4:8 p.m.4 views

tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

7.5CVSS7.2AI score0.72988EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/11/20 4:8 p.m.1 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/11/20 4:4 p.m.4 views

tomcat: Apache Tomcat HTTP/2 DoS

A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack...

7.5CVSS7AI score0.72855EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/30 6:20 p.m.6 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/10/29 5:43 p.m.2 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
CNVD
CNVD
added 2019/10/23 12:0 a.m.3 views

Apache Traffic Server HTTP/2 Input Validation Error Vulnerability

Apache Traffic Server ATS is the United States Apache Apache Software Foundation's set of scalable HTTP proxy and caching server. A security vulnerability exists in Apache Traffic Server versions prior to 7.1.7 and 8.0.4. The vulnerability stems from Apache Traffic Server not limiting the number ...

7.5CVSS6.7AI score0.04561EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/10/02 2:29 p.m.3 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/10/01 4:14 p.m.2 views

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82017EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.9 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.4 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/09/30 3:15 p.m.3 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/09/25 6:26 a.m.8 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/09/17 3:16 p.m.2 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/09/13 8:46 a.m.1 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/09/11 5:53 a.m.3 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
OSV
OSV
added 2019/08/15 4:31 p.m.2 views

USN-4099-1 nginx vulnerabilities

Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service...

7.8CVSS7AI score0.82017EPSS
Exploits0References4
OSV
OSV
added 2019/08/13 9:15 p.m.3 views

DEBIAN-CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.5CVSS7.9AI score0.83433EPSS
Exploits1References1
OSV
OSV
added 2019/08/13 9:15 p.m.4 views

ALPINE-CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

7.5CVSS8.9AI score0.27004EPSS
Exploits0References1
Rows per page
Query Builder