4433 matches found
HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. More information at: https://vulners.com/cve/CVE-2023-44487...
Important: tomcat8
Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...
Oracle Linux 8 : nginx:1.22 (ELSA-2023-5713)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5713 advisory. 1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset...
RHEL 8 : nghttp2 (RHSA-2023:5768)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5768 advisory. nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2...
RHEL 9 : nodejs (RHSA-2023:5765)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5765 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...
nginx:1.22 security update
1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset AttackCVE-2023-44487...
RHEL 9 : nghttp2 (RHSA-2023:5770)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5770 advisory. nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2...
Important: nginx
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Issue Correction: Run yum update nginx or yum...
AlmaLinux 9 : go-toolset and golang (ALSA-2023:5738)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5738 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...
Amazon Linux 2 : golang (ALAS-2023-2313)
The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...
Important: nghttp2
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nghttp2 Issue Correction: Run yum update nghttp2 or yu...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:5721)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5721 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are...
RHEL 9 : nodejs (RHSA-2023:5764)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5764 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...
RHEL 8 : nodejs:16 (RHSA-2023:5803)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5803 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...
Amazon Linux 2 : nghttp2 (ALAS-2023-2312)
The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2312 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulleti...
Important: tomcat9
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: tomcat9 Issue Correction: Run dnf update tomcat9...
nginx:1.20 security update
1:1.20.1-1.0.1.1 - Resolves: RHEL-12732 - nginx:1.20/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...
AlmaLinux 9 : nodejs (ALSA-2023:5765)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...
AlmaLinux 9 : nginx (ALSA-2023:5711)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5711 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...