CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

CentOS 7 : firefox (RHSA-2024:1910)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1910 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Fixed in Apache Tomcat 9.0.96

Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 47307ee2. This issue was identified by the Tomcat Security Team on 1 October 2024...

Fixed in Apache Tomcat 11.0.0

Important: Request and/or response mix-up CVE-2024-52317 Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 9e840cca. This issue was identified by the Tomcat Security Team on 1 October 2024...

CentOS 7 : containernetworking-plugins (RHSA-2020:0406)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0406 advisory. - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/...

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1948)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.859.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1948 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive numb...

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2645)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.859.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2645 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive...

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9516)

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9517)

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9515)

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost...

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9518)

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

Synology DSM HTTP/2 Implementations Allocation of Resources Without Limits or Throttling (CVE-2019-9514)

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

Synology DSM HTTP/2 Implementations Window Size and Stream Prioritization Manipulation (CVE-2019-9511)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

Synology DSM HTTP/2 Implementations Uncontrolled Resource Consumption (CVE-2019-9513)

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Th...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-34750]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by a flaw when processing an HTTP/2 stream CVE-2024-34750. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read t...