Veracode
added 2023/10/12 2:37 p.m., 104 views

Denial Of Service (DoS)

Libraries that implement HTTP/2 are vulnerable to Denial of Service (DoS). The vulnerability could be exploited by attackers by sending a large number of HTTP/2 requests to a vulnerable server and then canceling them, causing the server to consume excessive resources and become unavailable to...

CVSS 7.5, AI score 6.7, EPSS 0.99999
Exploits 19, References 166, Affected Software 37
hivepro
added 2023/10/12 8:09 a.m., 75 views

HTTP2 Zero-Day Exploited for the Most Explosive DDoS Attacks

Threat Level Vulnerability Report. For a detailed threat advisory, download the PDF file here. Summary: A zero-day vulnerability in HTTP/2 has been actively exploited in August, introducing a novel DDoS technique referred to as "Rapid Reset". The attack, utilizing CVE-2023-44487, exploits a vulnerabili...

AI score 6.7, EPSS 0.99999
Exploits 19
OpenVAS
added 2023/10/12 12:00 a.m., 26 views

Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Windows

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5, AI score 7.5, EPSS 0.03754
Exploits 1, References 2
OpenVAS
added 2023/10/12 12:00 a.m., 35 views

Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5, AI score 7.5, EPSS 0.03754
Exploits 1, References 2
OpenVAS
added 2023/10/12 12:00 a.m., 38 views

Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

CVSS 9.8, AI score 8.6, EPSS 0.99999
Exploits 19, References 9
Tenable Nessus
added 2023/10/12 12:00 a.m., 295 views

Security Updates for Microsoft ASP.NET Core (October 2023)

The version of ASP.NET Core installed on the remote host is affected by a denial of service (DoS) vulnerability. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

CVSS 7.5, AI score 7.2, EPSS 0.99999
Exploits 19, References 7
OpenVAS
added 2023/10/12 12:00 a.m., 36 views

Debian: Security Advisory (DSA-5522-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.6, EPSS 0.99999
Exploits 22, References 6
OpenVAS
added 2023/10/12 12:00 a.m., 33 views

Eclipse Jetty HTTP/2 Protocol DoS Vulnerability (CVE-2023-44487) - Windows

Eclipse Jetty is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8.4, EPSS 0.99999
Exploits 19, References 8
Tenable Nessus
added 2023/10/12 12:00 a.m., 149 views

Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities: - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

CVSS 7.5, AI score 8.6, EPSS 0.99999
Exploits 21, References 5
OpenVAS
added 2023/10/12 12:00 a.m., 35 views

Eclipse Jetty HTTP/2 Protocol DoS Vulnerability (CVE-2023-44487) - Linux

Eclipse Jetty is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8.4, EPSS 0.99999
Exploits 19, References 8
OpenVAS
added 2023/10/12 12:00 a.m., 39 views

Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

CVSS 9.8, AI score 8.1, EPSS 0.99999
Exploits 19, References 9
OpenVAS
added 2023/10/12 12:00 a.m., 35 views

nghttp2 < 1.57.0 HTTP/2 Protocol DoS Vulnerability

nghttp2 is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8.3, EPSS 0.99999
Exploits 19, References 10
OpenVAS
added 2023/10/12 12:00 a.m., 31 views

H2O HTTP Server HTTP/2 Protocol DoS Vulnerability (GHSA-2m7v-gc89-fjqf)

H2O is prone to a denial of service (DoS) vulnerability in the HTTP/2 protocol. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8.5, EPSS 0.99999
Exploits 19, References 9
Talos Blog
added 2023/10/11 11:06 p.m., 59 views

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks that cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare's blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future...

CVSS 5, AI score 7.2, EPSS 0.99999
Exploits 19
NVD
added 2023/10/11 10:15 p.m., 13 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 7.7, EPSS 0.03796
Exploits 0, References 43
OSV
added 2023/10/11 10:15 p.m., 7 views

AZL-34544 CVE-2023-39325 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 6.6, EPSS 0.03796
Exploits 0, References 1
OSV
added 2023/10/11 10:15 p.m., 48 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 6.9
Exploits 0, References 43
Prion
added 2023/10/11 10:15 p.m., 41 views

Design/Logic Flaw

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 5, AI score 7.5, EPSS 0.03796
Exploits 0, References 39, Affected Software 3
Cvelist
added 2023/10/11 9:15 p.m., 25 views

CVE-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

AI score 7.8, EPSS 0.03796
Exploits 0, References 43
CVE
added 2023/10/11 9:15 p.m., 3203 views

CVE-2023-39325

CVE-2023-39325 describes a DoS in HTTP/2 handling where a malicious client rapidly creates and resets requests, potentially exhausting server resources. The fix tightens per-connection concurrency handling: servers bound the number of executing handler goroutines to the stream-concurrency limit (...

CVSS 7.5, AI score 7.3, EPSS 0.03796
Exploits 0, References 43, Affected Software 2