
4431 matches found

RedHat Linux
added 2024/07/11 5:32 p.m. | 25 views

Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.16 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.16 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

7.5 CVSS | 7.1 AI score | 0.8781 EPSS
Exploits: 2 | References: 7

Ubuntu
added 2024/07/11 5:25 p.m. | 88 views

USN-6885-2: Apache HTTP Server regression

USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...

7.6 AI score
Exploits: 0 | References: 1

NVD
added 2024/07/11 3:15 p.m. | 19 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 0.01172 EPSS
Exploits: 0 | References: 6

UbuntuCve
added 2024/07/11 3:15 p.m. | 11 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 7.2 AI score | 0.01172 EPSS
Exploits: 0 | References: 9

CVE
added 2024/07/11 2:50 p.m. | 73 views

CVE-2024-38535

CVE-2024-38535 affects Suricata: memory exhaustion can occur when parsing crafted HTTP/2 traffic. The vulnerability is mitigated by upgrading to Suricata 6.0.20 or 7.0.6 (per the provided description).

7.5 CVSS | 7.3 AI score | 0.01172 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2024/07/11 2:50 p.m. | 21 views

CVE-2024-38535 Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 6.9 AI score | 0.01172 EPSS
Exploits: 0 | References: 6

AlpineLinux
added 2024/07/11 2:50 p.m. | 29 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 7.6 AI score | 0.01172 EPSS
Exploits: 0

Debian CVE
added 2024/07/11 2:50 p.m. | 15 views

CVE-2024-38535

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 8.4 AI score | 0.01172 EPSS
Exploits: 0

OSV
added 2024/07/11 2:50 p.m. | 14 views

CVE-2024-38535 Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...

7.5 CVSS | 7.3 AI score | 0.01172 EPSS
Exploits: 0 | References: 8

F5 Networks
added 2024/07/11 8:47 a.m. | 31 views

K000140303: Apache Tomcat vulnerability CVE-2024-34750

Security Advisory Description: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams...

7.5 CVSS | 7.6 AI score | 0.04602 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/11 12:00 a.m. | 355 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server regression (USN-6885-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6885-2 advisory. USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP...

5.6 AI score
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/07/10 7:59 a.m. | 46 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details: CVEID: CVE-2024-29025. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

8.8 CVSS | 9.2 AI score | 0.99999 EPSS
Exploits: 22 | Affected Software: 1

IBM Security Bulletins
added 2024/07/09 3:27 p.m. | 26 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to use of nghttp2 (CVE-2024-28182)

Summary: nghttp2 is used by IBM DataPower Gateway in its HTTP/2 implementation in the front-side handler and for outgoing connections. Vulnerability Details: CVEID: CVE-2024-28182. DESCRIPTION: nghttp2 is vulnerable to a denial of service, caused by a memory exhaustion flaw due to flood of CONTINUATIO...

5.3 CVSS | 5.8 AI score | 0.8496 EPSS
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2024/07/08 10:19 p.m. | 45 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 7.1 AI score | 0.91327 EPSS
Exploits: 3 | References: 6

RedHat Linux
added 2024/07/08 9:31 p.m. | 46 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 7 AI score | 0.91327 EPSS
Exploits: 2 | References: 3

IBM Security Bulletins
added 2024/07/08 9:29 a.m. | 50 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control

Summary: IBM WebSphere Application Server Liberty is vulnerable to allow a remote authenticated attacker, denial of service, server-side request forgery (SSRF), cross-site scripting, improper resource expiration handling, weaker than expected security for outbound TLS connections. These...

9.8 CVSS | 8.7 AI score | 0.99999 EPSS
Exploits: 20 | Affected Software: 1

Redos
added 2024/07/08 12:00 a.m. | 29 views

ROS-20240708-01

A vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the cURL command line...

3.5 CVSS | 7.1 AI score | 0.01681 EPSS
Exploits: 1

Tenable Nessus
added 2024/07/05 12:00 a.m. | 14 views

Apache Tomcat 9.0.0-M1 < 9.0.90 Denial Of Service

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.89, 10.1.0-M1 to 10.1.24 or 11.0.0-M1 to 11.0.0-M20. It is, therefore, affected by a denial of service. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to ...

8.6 CVSS | 7.4 AI score | 0.04602 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2024/07/05 12:00 a.m. | 12 views

Apache Tomcat 10.1.0-M1 < 10.1.25 Denial Of Service

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.89, 10.1.0-M1 to 10.1.24 or 11.0.0-M1 to 11.0.0-M20. It is, therefore, affected by a denial of service. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to ...

8.6 CVSS | 7.4 AI score | 0.04602 EPSS
Exploits: 0 | References: 3

OSV
added 2024/07/04 9:15 p.m. | 15 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

5.9 CVSS | 6.8 AI score
Exploits: 0 | References: 2