116 matches found
EUVD-2024-31892
Malicious code in bioql PyPI...
EUVD-2022-30414
Malicious code in bioql PyPI...
EUVD-2024-29205
Malicious code in bioql PyPI...
EUVD-2022-6718
Malicious code in bioql PyPI...
BIT-TOMCAT-2025-53506 Apache Tomcat: DoS via excessive h2 streams at connection start
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through...
tomcat security update
1:9.0.87-1.el810.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-31650 - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-coyote is vulnerable to Denial Of Service DoS. The vulnerability is due to failure to handle cases where an HTTP/2 client does not acknowledge the initial settings frame, allowing excessive concurrent streams and leading to resource exhaustion...
K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325
Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...
Exploit for Incomplete Cleanup in Apache Tomcat
CVE-2025-31650 🚨 Proof of Concept PoC for Apache Tomcat HTT...
CVE-2020-9481
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
CVE-2019-10079
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions...
PT-2025-20402
Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 12.0.0 through 12.0.16 Description The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this setti...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
RLSA-2024:5654 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...
K000140919: BIG-IP HTTP/2 vulnerability CVE-2025-36504
Security Advisory Description When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. CVE-2025-36504 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either...
K000140968: BIG-IP HTTP/2 vulnerability CVE-2025-41414
Security Advisory Description When HTTP/2 client and server profiles are simultaneously configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-41414 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...
PT-2025-20307 · F5 · Big-Ip +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Recommendations: At the moment, there is no information about a newe...
F5 Networks BIG-IP : BIG-IP HTTP/2 vulnerability (K000140968)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2 / Hotfix- BIGIP-15.1.10.7.0.4.5-ENG.iso. It is, therefore, affected by a vulnerability as referenced in the K000140968 advisory. When HTTP/2 client and server profiles are simultaneously configured on a...
curl: HTTP/2 CONTINUATION Flood Vulnerability
0x00 Vulnerability Overview: Fatal Flaw in HTTP/2 Protocol Stack 1. HTTP/2 Header Block Fragmentation Mechanism RFC 7540 Specification: Header blocks are transmitted using a HEADERS frame followed by one or more CONTINUATION frames. All frames must belong to the same stream and be sent...