4431 matches found
Denial Of Service (DoS)
org.eclipse.jetty.http2, jetty-http2-common is vulnerable to Denial Of Service DoS. The vulnerability is due to missing validation of the SETTINGSMAXHEADERLISTSIZE parameter in HTTP/2 settings frames. Specifically, Jetty fails to enforce reasonable limits on this value, allowing an attacker to...
Alibaba Cloud Linux 3 : 0131: grafana (ALINUX3-SA-2023:0131)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0131 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39325: A malicious HTTP/2 client...
Alibaba Cloud Linux 3 : 0091: git-lfs (ALINUX3-SA-2024:0091)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45288: An attacker may cause an...
Alibaba Cloud Linux 3 : 0101: nghttp2 (ALINUX3-SA-2022:0101)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0101 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-9513: Some HTTP/2 implementations...
Alibaba Cloud Linux 3 : 0033: go-toolset:rhel8 (ALINUX3-SA-2024:0033)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0033 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39325: A malicious HTTP/2 client...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit
Original Report In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specifi...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
DEBIAN-CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
UBUNTU-CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
CVE-2025-1948
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
PT-2025-20402
Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 12.0.0 through 12.0.16 Description The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this setti...
CVE-2025-41414
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504 BIG-IP HTTP/2 vulnerability
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-41414 BIG-IP HTTP/2 vulnerability
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-36504 BIG-IP HTTP/2 vulnerability
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-41414 BIG-IP HTTP/2 vulnerability
When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...