4433 matches found

Debian CVE
added 2023/10/11 9:15 p.m. | 43 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.6 AI score | 0.03796 EPSS
Exploits: 0

AlpineLinux
added 2023/10/11 9:15 p.m. | 70 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.4 AI score | 0.03796 EPSS
Exploits: 0

OSV
added 2023/10/11 8:35 p.m. | 57 views

GHSA-4374-P667-P6C8 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.3 AI score | 0.03796 EPSS
Exploits: 0 | References: 46

Github Security Blog
added 2023/10/11 8:35 p.m. | 57 views

HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.7 AI score | 0.03796 EPSS
Exploits: 0 | References: 46 | Affected software: 1

RedhatCVE
added 2023/10/11 5:12 p.m. | 194 views

CVE-2023-39325

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS | 8.2 AI score | 0.99999 EPSS
Exploits: 19 | References: 7

OSV
added 2023/10/11 4:49 p.m. | 68 views

GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 7.7 AI score | 0.99999 EPSS
Exploits: 19 | References: 4

Palo Alto Networks
added 2023/10/11 4:00 p.m. | 59 views

Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)

The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol, including Rapid Reset (CVE-2023-44487) and CVE-2023-35945. If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service DDo...

7.5 CVSS | 8.2 AI score | 0.99999 EPSS
Exploits: 19 | References: 1

HackRead
added 2023/10/11 2:00 p.m. | 20 views

Google, Cloudflare, and AWS Disclose Largest DDoS Attack in History

By Deeba Ahmed. Google, Cloudflare, and AWS Disclosed Digital History's Largest Ever DDoS Attack - Courtesy HTTP/2 Zero-day. This is a post from HackRead.com. Read the original post: Google, Cloudflare, and AWS Disclose Largest DDoS Attack in History...

6.9 AI score
Exploits: 0

The Hacker News
added 2023/10/11 7:00 a.m. | 117 views

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security...

9.8 CVSS | 7.5 AI score | 0.99999 EPSS
Exploits: 19

Slackware Linux
added 2023/10/11 6:45 a.m. | 47 views

[slackware-security] nghttp2

New nghttp2 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/nghttp2-1.57.0-i586-1slack15.0.txz: Upgraded. This release has a fix to mitigate the HTTP/2 Rapid Reset vulnerability. For more...

7.5 CVSS | 9.2 AI score | 0.99999 EPSS
Exploits: 19

GithubExploit
added 2023/10/11 1:59 a.m. | 1887 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

This is a proof of concept for a Denial of Service (DoS) exploit...

7.5 CVSS | 7.4 AI score | 0.99999 EPSS
Exploits: 19

CNVD
added 2023/10/11 12:00 a.m. | 20 views

F5 BIG-IP HTTP/2 Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in F5 BIG-IP HTTP/2, which can be exploited by an attacker to cause TMM termination...

7.5 CVSS | 6.8 AI score | 0.00538 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2023/10/11 12:00 a.m. | 31 views

.NET Core HTTP2 Rapid Reset Attack DoS Vulnerability - Windows

.NET Core is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...

7.5 CVSS | 8.4 AI score | 0.99999 EPSS
Exploits: 19 | References: 8

OpenVAS
added 2023/10/11 12:00 a.m. | 49 views

Apache Tomcat Multiple Vulnerabilities (Oct 2023) - Linux

Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...

7.5 CVSS | 8.3 AI score | 0.99999 EPSS
Exploits: 21 | References: 14

UbuntuCve
added 2023/10/11 12:00 a.m. | 35 views

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS | 6.7 AI score | 0.03796 EPSS
Exploits: 0 | References: 7

OpenVAS
added 2023/10/11 12:00 a.m. | 28 views

Ubuntu: Security Advisory (USN-6427-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 8.8 AI score | 0.99999 EPSS
Exploits: 19 | References: 4

Tenable Nessus
added 2023/10/11 12:00 a.m. | 57 views

Slackware Linux 15.0 / current nghttp2 Vulnerability (SSA:2023-284-02)

The version of nghttp2 installed on the remote host is prior to 1.57.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-284-02 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 19 | References: 2

Tenable Nessus
added 2023/10/11 12:00 a.m. | 70 views

Debian DSA-5522-1 : tomcat9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5522 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS wit...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 22 | References: 13

Tenable Nessus
added 2023/10/11 12:00 a.m. | 71 views

Debian DSA-5521-1 : tomcat10 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5521 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP...

7.5 CVSS | 7.2 AI score | 0.99999 EPSS
Exploits: 22 | References: 13

Krebs on Security
added 2023/10/10 10:51 p.m. | 83 views

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS...

7.5 CVSS | 8 AI score | 0.99999 EPSS
Exploits: 22