RHEL 9 : grafana (RHSA-2023:5866)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5866 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: HTTP/2: Multip...
RHEL 8 : grafana (RHSA-2023:5864)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5864 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golan...
AlmaLinux 9 : grafana (ALSA-2023:5867)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5867 advisory. - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...
CentOS 8 : nodejs:18 (CESA-2023:5869)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5869 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-394)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-394 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected...
PT-2023-6452 · Apache +7 · Apache Http Server +7
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.55 through 2.4.57. Description: The issue is related to an HTTP/2 connection with an initial window size of 0, which can block handling of that connection indefinitely in Apache HTTP Server. This could be used to...
nghttp2 security update
1.33.0-5 - fix HTTP/2 Rapid Reset (CVE-2023-44487); 1.33.0-4 - prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080)...
Amazon Linux AMI : nghttp2 (ALAS-2023-1869)
The version of nghttp2 installed on the remote host is prior to 1.33.0-1.1.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1869 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams...
RHEL 9 : tomcat (RHSA-2023:5929)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5929 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-393)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-393 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AlmaLinux 9 : nghttp2 (ALSA-2023:5838)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5838 advisory. - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild ...
Oracle Linux 8 : nghttp2 (ELSA-2023-5837)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5837 advisory. - fix HTTP/2 Rapid Reset (CVE-2023-44487). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
RHEL 9 : varnish (RHSA-2023:5930)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5930 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...
Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2023-392)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-392 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
nghttp2 security update
1.43.0-5.1 - fix HTTP/2 Rapid Reset (CVE-2023-44487)...
Amazon Linux AMI : golang (ALAS-2023-1871)
The version of golang installed on the remote host is prior to 1.20.10-1.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1871 advisory. Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). For more details about the security issues, including the impact, a CVSS...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487). For more details about the security issues, including the impact, a CVSS...
Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...
Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening an HTTP/2 connection with an initial windo...