4433 matches found

NVD
added 2023/10/23 7:15 a.m. | 16 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.70595
Exploits: 0 | References: 2
OSV
added 2023/10/23 7:15 a.m. | 71 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 7.5 | AI score: 7.4
Exploits: 0 | References: 2
OSV
added 2023/10/23 7:15 a.m. | 79 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9 | AI score: 7.9
Exploits: 0 | References: 6
NVD
added 2023/10/23 7:15 a.m. | 42 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9 | AI score: 8 | EPSS: 0.03024
Exploits: 1 | References: 6
Prion
added 2023/10/23 7:15 a.m. | 43 views

Code injection

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 5 | AI score: 7.3 | EPSS: 0.70595
Exploits: 0 | References: 2 | Affected Software: 1
UbuntuCve
added 2023/10/23 7:15 a.m. | 262 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.70595
Exploits: 0 | References: 4
UbuntuCve
added 2023/10/23 7:15 a.m. | 195 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9 | AI score: 6.8 | EPSS: 0.03024
Exploits: 1 | References: 6
Prion
added 2023/10/23 7:15 a.m. | 40 views

Design/Logic Flaw

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 2.6 | AI score: 7.3 | EPSS: 0.99999
Exploits: 20 | References: 3 | Affected Software: 2
Vulnrichment
added 2023/10/23 6:50 a.m. | 22 views

CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

AI score: 6.6 | EPSS: 0.70595
Exploits: 0 | References: 2
CVE
added 2023/10/23 6:50 a.m. | 670 views

CVE-2023-43622

CVE-2023-43622 affects Apache HTTP Server via the mod_http2 implementation. An attacker opening an HTTP/2 connection with an initial window size of 0 could block handling of that connection indefinitely, potentially exhausting server worker resources in a pattern similar to the slow loris attack....

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.70595
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/10/23 6:50 a.m. | 284 views

CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

AI score: 7.7 | EPSS: 0.70595
Exploits: 0 | References: 2
Debian CVE
added 2023/10/23 6:50 a.m. | 59 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.70595
Exploits: 0
AlpineLinux
added 2023/10/23 6:50 a.m. | 40 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.70595
Exploits: 0
Debian CVE
added 2023/10/23 6:50 a.m. | 79 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9 | AI score: 6.6 | EPSS: 0.03024
Exploits: 1
CVE
added 2023/10/23 6:50 a.m. | 1493 views

CVE-2023-45802

CVE-2023-45802 describes a memory‑leak condition in HTTP/2 handling: when a client resets a stream, memory deallocation is deferred until connection close, allowing a connection to accumulate memory usage over time. Astra Linux security notes reproduce the issue description and cite a fix in Apac...

CVSS: 5.9 | AI score: 8.3 | EPSS: 0.03024
In wild | Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2023/10/23 6:50 a.m. | 81 views

CVE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

AI score: 7.1 | EPSS: 0.03024
Exploits: 1 | References: 1
AlpineLinux
added 2023/10/23 6:50 a.m. | 65 views

CVE-2023-45802

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

CVSS: 5.9 | AI score: 8.6 | EPSS: 0.03024
Exploits: 1
Vulnrichment
added 2023/10/23 6:50 a.m. | 34 views

CVE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

AI score: 8 | EPSS: 0.03024
Exploits: 1 | References: 1
Tenable Nessus
added 2023/10/23 12:0 a.m. | 58 views

Oracle Linux 9 : grafana (ELSA-2023-5867)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-5867 advisory.

- Resolve CVE-2023-44487 Rapid Reset Attack

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.99999
Exploits: 19 | References: 3
OSV
added 2023/10/23 12:0 a.m. | 49 views

ALSA-2023:5989 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.99999
Exploits: 19 | References: 4