
4433 matches found

Broadcom
added 2023/10/17 12:00 a.m. | 69 views

HTTP2 Rapid Reset Vulnerability (CVE-2023-44487)

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. More information at: https://vulners.com/cve/CVE-2023-44487...

CVSS 7.5 | AI score 8 | EPSS 0.99999 | Exploits: 19

Amazon
added 2023/10/17 12:00 a.m. | 59 views

Important: tomcat8

Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...

CVSS 7.5 | AI score 7.6 | EPSS 0.99999 | Exploits: 21

Tenable Nessus
added 2023/10/17 12:00 a.m. | 48 views

Oracle Linux 8 : nginx:1.22 (ELSA-2023-5713)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5713 advisory. 1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/17 12:00 a.m. | 47 views

RHEL 8 : nghttp2 (RHSA-2023:5768)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5768 advisory. nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/17 12:00 a.m. | 61 views

RHEL 9 : nodejs (RHSA-2023:5765)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5765 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits: 19 | References: 5

Oracle Linux
added 2023/10/17 12:00 a.m. | 61 views

nginx:1.22 security update

1:1.22.1-1.0.1.1 - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...

CVSS 5 | AI score 8.1 | EPSS 0.99999 | Exploits: 19

Tenable Nessus
added 2023/10/17 12:00 a.m. | 46 views

RHEL 9 : nghttp2 (RHSA-2023:5770)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5770 advisory. nghttp2 contains the Hypertext Transfer Protocol version 2 HTTP/2 client, server, and proxy programs as well as a library implementing the HTTP/2...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999 | Exploits: 19 | References: 5

Amazon
added 2023/10/17 12:00 a.m. | 62 views

Important: nginx

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nginx Issue Correction: Run yum update nginx or yum...

CVSS 7.5 | AI score 7.6 | EPSS 0.99999 | Exploits: 19

Tenable Nessus
added 2023/10/17 12:00 a.m. | 50 views

AlmaLinux 9 : go-toolset and golang (ALSA-2023:5738)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5738 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits: 19 | References: 4

Tenable Nessus
added 2023/10/17 12:00 a.m. | 72 views

Amazon Linux 2 : golang (ALAS-2023-2313)

The version of golang installed on the remote host is prior to 1.20.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2313 advisory. 2024-01-03: CVE-2023-39319 was added to this advisory. 2023-10-30: CVE-2023-39318 was added to this advisory. The...

CVSS 8.1 | AI score 7.6 | EPSS 0.99999 | Exploits: 19 | References: 12

Amazon
added 2023/10/17 12:00 a.m. | 72 views

Important: nghttp2

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: nghttp2 Issue Correction: Run yum update nghttp2 or yu...

CVSS 7.5 | AI score 7.6 | EPSS 0.99999 | Exploits: 19

Tenable Nessus
added 2023/10/17 12:00 a.m. | 56 views

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:5721)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5721 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web servers are...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999 | Exploits: 19 | References: 3

Tenable Nessus
added 2023/10/17 12:00 a.m. | 50 views

RHEL 9 : nodejs (RHSA-2023:5764)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5764 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999 | Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/17 12:00 a.m. | 48 views

RHEL 8 : nodejs:16 (RHSA-2023:5803)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5803 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

CVSS 7.5 | AI score 7.4 | EPSS 0.99999 | Exploits: 19 | References: 5

Tenable Nessus
added 2023/10/17 12:00 a.m. | 113 views

Amazon Linux 2 : nghttp2 (ALAS-2023-2312)

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2312 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999 | Exploits: 19 | References: 4

AlmaLinux
added 2023/10/17 12:00 a.m. | 62 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulleti...

CVSS 7.5 | AI score 6.9 | EPSS 0.99999 | Exploits: 19 | References: 4

Amazon
added 2023/10/17 12:00 a.m. | 28 views

Important: tomcat9

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: tomcat9 Issue Correction: Run dnf update tomcat9...

CVSS 7.5 | AI score 7.5 | EPSS 0.99999 | Exploits: 19

Oracle Linux
added 2023/10/17 12:00 a.m. | 154 views

nginx:1.20 security update

1:1.20.1-1.0.1.1 - Resolves: RHEL-12732 - nginx:1.20/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...

CVSS 5 | AI score 8.1 | EPSS 0.99999 | Exploits: 19

Tenable Nessus
added 2023/10/17 12:00 a.m. | 55 views

AlmaLinux 9 : nodejs (ALSA-2023:5765)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999 | Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/17 12:00 a.m. | 55 views

AlmaLinux 9 : nginx (ALSA-2023:5711)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:5711 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild ...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999 | Exploits: 19 | References: 2