3168 matches found

RedhatCVE
added 2025/02/06 3:2 a.m. | 5 views

CVE-2025-21549

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful...

CVSS 7.5 | AI score 6.6 | EPSS 0.002
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/02/04 6:15 p.m. | 94 views

Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...

CVSS 9.8 | AI score 10 | EPSS 0.84554
Exploits: 23 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerability (CVE-2024-30255)

Summary Potential Envoy Proxy Envoy denial of service vulnerability CVE-2024-30255 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2024-30255 DESCRIPTION: Envoy Pro...

CVSS 7.5 | AI score 6.8 | EPSS 0.88805
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2024/12/17 12:0 a.m. | 4 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.20 Security update (Moderate) (RHSA-2024:10928)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10928 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...

AI score 6.8
Exploits: 0 | References: 20

GithubExploit
added 2024/12/03 2:54 p.m. | 717 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 - HTTP/2 Rapid Reset Exploit PoC --- Desc...

CVSS 7.5 | AI score 8 | EPSS 0.9439
Exploits: 19

F5 Networks
added 2024/11/22 10:23 p.m. | 23 views

K000148694: nghttp2 vulnerabilities CVE-2023-35945 and CVE-2020-11080

Security Advisory Description CVE-2023-35945 Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of...

CVSS 7.5 | AI score 6.7 | EPSS 0.01247
Exploits: 0

RedhatCVE
added 2024/11/22 4:51 p.m. | 14 views

CVE-2024-52317

A flaw was found in Apache Tomcat HTTP/2 handling. This vulnerability allows a request or response mix-up between users via incorrect recycling of request and response objects...

CVSS 6.5 | AI score 6.5 | EPSS 0.21066
Exploits: 1 | References: 4

GithubExploit
added 2024/11/21 6:20 a.m. | 491 views

Exploit for Inadequate Encryption Strength in Apache Tomcat

🚨🚨CVE-2024-52317🚨🚨 CVE-2024-52317 - Apache Tomcat HTTP/2 Data...

CVSS 6.5 | AI score 7 | EPSS 0.21066
Exploits: 1

F5 Networks
added 2024/11/20 6:51 p.m. | 17 views

K000148640: golang: net/http, x/net/http2 vulnerability CVE-2023-45288

Security Advisory Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's...

CVSS 7.5 | AI score 7 | EPSS 0.69905
Exploits: 1

OSV
added 2024/11/20 7:20 a.m. | 15 views

BIT-TOMCAT-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.27 through 10.1.30, fr...

CVSS 6.5 | AI score 6.8 | EPSS 0.21066
Exploits: 1 | References: 4

Github Security Blog
added 2024/11/18 12:30 p.m. | 29 views

Apache Tomcat Request and/or response mix-up

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | AI score 6.8 | EPSS 0.21066
Exploits: 1 | References: 8 | Affected Software: 2

OSV
added 2024/11/18 12:15 p.m. | 22 views

CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 3

NVD
added 2024/11/18 12:15 p.m. | 26 views

CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | EPSS 0.21066
Exploits: 1 | References: 3

Cvelist
added 2024/11/18 11:36 a.m. | 37 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

EPSS 0.21066
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/18 11:36 a.m. | 35 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

AI score 7.2 | EPSS 0.21066
Exploits: 1 | References: 1

OpenVAS
added 2024/11/18 12:0 a.m. | 20 views

Apache Tomcat HTTP/2 Vulnerability (Nov 2024) - Windows

Apache Tomcat is prone to a vulnerability in HTTP/2...

CVSS 6.5 | AI score 6.3 | EPSS 0.21066
Exploits: 1 | References: 4

OpenVAS
added 2024/11/18 12:0 a.m. | 23 views

Apache Tomcat HTTP/2 Vulnerability (Nov 2024) - Linux

Apache Tomcat is prone to a vulnerability in HTTP/2...

CVSS 6.5 | AI score 6.3 | EPSS 0.21066
Exploits: 1 | References: 4

OpenVAS
added 2024/11/15 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-7109-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.1 | EPSS 0.69905
Exploits: 1 | References: 2

OpenVAS
added 2024/11/15 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-7111-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 10 | EPSS 0.69905
Exploits: 1 | References: 2

OpenVAS
added 2024/11/11 12:0 a.m. | 12 views

openSUSE Security Advisory (SUSE-SU-2024:3961-1)

The remote host is missing an update for the...

CVSS 5.9 | AI score 7.2 | EPSS 0.01463
Exploits: 1 | References: 4