4433 matches found

Github Security Blog (added 2023/10/10 10:22 p.m., 161 views)

io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issuing frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDoS attack. Impact: This is a DDoS attack; any HTTP/2 server is affected, so you should update as soon as possible. Patches: This is patched in version...

CVSS 7.5 | AI score 6.8 | EPSS 0.99999
Exploits 19 | References 6 | Affected software 1

OSV (added 2023/10/10 10:22 p.m., 50 views)

GHSA-XPW8-RCWV-8F8P io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

A client might overload the server by issuing frequent RST frames. This can cause a massive amount of load on the remote system and so cause a DDoS attack. Impact: This is a DDoS attack; any HTTP/2 server is affected, so you should update as soon as possible. Patches: This is patched in version...

CVSS 7.5 | AI score 7.9 | EPSS 0.99999
Exploits 19 | References 6

Debian (added 2023/10/10 10:09 p.m., 71 views)

[SECURITY] [DSA 5521-1] tomcat10 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5521-1 [email protected] https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 8.2 | EPSS 0.99999
Exploits 22

Qualys Blog (added 2023/10/10 10:01 p.m., 68 views)

CVE-2023-44487 HTTP/2 Rapid Reset Attack

Today, Amazon Web Services, Cloudflare, and Google, in a coordinated announcement, reveal their experiences mitigating powerful HTTP/2-based DDoS attacks utilizing a zero-day technique referred to as Rapid Reset, documented under the vulnerability identifier CVE-2023-44487. The attack magnitudes...

CVSS 5 | AI score 7.6 | EPSS 0.99999
Exploits 21

Github Security Blog (added 2023/10/10 9:28 p.m., 132 views)

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid Reset attack: The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way; the client may do it unilaterally. The clie...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits 19 | References 190 | Affected software 12

Github Security Blog (added 2023/10/10 9:16 p.m., 37 views)

HTTP/2 HPACK integer overflow and buffer allocation

An integer overflow in MetaDataBuilder.checkSize allows HTTP/2 HPACK header values to exceed their size limit. In MetaDataBuilder.java, the following code determines whether a header name or value exceeds the size limit, and throws an exception if the limit is exceeded (Java, from line 291): public void...

CVSS 7.5 | AI score 7.4 | EPSS 0.03754
Exploits 1 | References 13 | Affected software 2

RedhatCVE (added 2023/10/10 9:13 p.m., 81 views)

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVSS 7.5 | AI score 8 | EPSS 0.99999
Exploits 19 | References 8

Qualys Blog (added 2023/10/10 7:44 p.m., 103 views)

Microsoft and Adobe Patch Tuesday, October 2023 Security Update Review

Microsoft released its October edition of Patch Tuesday! In this month's updates, Microsoft has addressed 105 vulnerabilities in different products, features, and roles. Let's take a look at the updates in detail. Microsoft Patch Tuesday for October 2023: Microsoft has addressed three zero-day...

CVSS 7.5 | AI score 9.6 | EPSS 0.99999
Exploits 20

Github Security Blog (added 2023/10/10 6:23 p.m., 92 views)

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

Impact: Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound causes denial of service. See https://vulners.com/cve/CVE-2023-44487 for details. Patches: nghttp2 v1.57.0 mitigates this vulnerability by default. Workarounds: If upgrading to nghttp2 v1.57....

CVSS 7.5 | AI score 6.8 | EPSS 0.99999
Exploits 19 | References 4 | Affected software 1

OSV (added 2023/10/10 6:23 p.m., 51 views)

GHSA-VX74-F528-FXQG github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

Impact: Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound causes denial of service. See https://vulners.com/cve/CVE-2023-44487 for details. Patches: nghttp2 v1.57.0 mitigates this vulnerability by default. Workarounds: If upgrading to nghttp2 v1.57....

CVSS 7.5 | AI score 7.9 | EPSS 0.99999
Exploits 19 | References 4

Ubuntu (added 2023/10/10 6:18 p.m., 83 views)

USN-6427-1: .NET vulnerability

It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits 19

NVD (added 2023/10/10 5:15 p.m., 28 views)

CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7.7 | EPSS 0.03754
Exploits 1 | References 10

Prion (added 2023/10/10 5:15 p.m., 44 views)

Integer overflow

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 5 | AI score 7.5 | EPSS 0.03754
Exploits 1 | References 9 | Affected software 3

UbuntuCve (added 2023/10/10 5:15 p.m., 32 views)

CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7 | EPSS 0.03754
Exploits 1 | References 6

AlpineLinux (added 2023/10/10 4:53 p.m., 45 views)

CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7.8 | EPSS 0.03754
Exploits 1

Cvelist (added 2023/10/10 4:53 p.m., 32 views)

CVE-2023-36478 HTTP/2 HPACK integer overflow and buffer allocation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7.9 | EPSS 0.03754
Exploits 1 | References 10

CVE (added 2023/10/10 4:53 p.m., 605 views)

CVE-2023-36478

CVE-2023-36478 (Jetty) affects Jetty 9.x/10.x/11.x: an integer overflow in MetaDataBuilder.checkSize can cause HPACK header lengths to overflow, potentially enabling a remote denial-of-service via malformed HTTP/2 header values. The flaw occurs when length is large and Huffman encoding is used, c...

CVSS 7.5 | AI score 7.7 | EPSS 0.03754
Exploits 1 | References 10 | Affected software 1

OSV (added 2023/10/10 4:53 p.m., 55 views)

CVE-2023-36478 HTTP/2 HPACK integer overflow and buffer allocation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 6.7 | EPSS 0.03754
Exploits 1 | References 12

Debian CVE (added 2023/10/10 4:53 p.m., 31 views)

CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVSS 7.5 | AI score 7.2 | EPSS 0.03754
Exploits 1

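The CVE-2023-36478 entries above describe the Jetty bug only in prose: a Huffman allowance applied to a declared HPACK string length overflows a 32-bit int, the size check passes, and the decoder allocates for the declared length. The Go program below is an added illustration written for this page, not Jetty's code or Jetty's fix. It models that check in its vulnerable and hardened forms (the 4/3 expansion factor and the 8192-byte limit are this example's assumptions) and includes an RFC 7541 integer encoder/decoder so you can craft the string-literal header an HTTP/2 peer would actually send.

```go
package main

import (
	"errors"
	"math"
)

// Assumed header-block limit, standing in for Jetty's _maxSize.
const MaxHeaderSize int32 = 8192

var ErrTooLarge = errors.New("HPACK header too large")
var ErrTruncated = errors.New("truncated HPACK integer")

// DecodeInteger decodes an RFC 7541 §5.1 integer whose first byte carries
// prefixBits of value. It accumulates in int64 and refuses anything beyond
// int32, so the decoder itself cannot wrap; the bug modelled below is in the
// size check applied to the decoded length, not here.
func DecodeInteger(b []byte, prefixBits uint) (value int32, n int, err error) {
	if len(b) == 0 {
		return 0, 0, ErrTruncated
	}
	mask := byte(1<<prefixBits - 1)
	v := int64(b[0] & mask)
	n = 1
	if v < int64(mask) {
		return int32(v), n, nil
	}
	for shift := uint(0); shift <= 28; shift += 7 {
		if n >= len(b) {
			return 0, n, ErrTruncated
		}
		c := b[n]
		n++
		v += int64(c&0x7f) << shift
		if v > math.MaxInt32 {
			return 0, n, ErrTooLarge
		}
		if c&0x80 == 0 {
			return int32(v), n, nil
		}
	}
	return 0, n, ErrTooLarge // more than five continuation bytes
}

// EncodeInteger is the matching encoder; flags are the bits above the
// prefix in the first byte (for string literals, the Huffman bit 0x80).
func EncodeInteger(v int32, prefixBits uint, flags byte) []byte {
	limit := int64(1<<prefixBits - 1)
	x := int64(v)
	if x < limit {
		return []byte{flags | byte(x)}
	}
	out := []byte{flags | byte(limit)}
	for x -= limit; x >= 128; x /= 128 {
		out = append(out, byte(x%128)|0x80)
	}
	return append(out, byte(x))
}

// HuffmanStringHeader builds an HPACK string-literal header with the H bit
// set and the given declared length; the literal bytes are omitted on purpose.
func HuffmanStringHeader(length int32) []byte {
	return EncodeInteger(length, 7, 0x80)
}

// CheckSizeVulnerable follows the pattern the advisories describe: a Huffman
// allowance is applied in 32-bit arithmetic before the comparison, so a large
// declared length wraps negative and slips under the limit (4/3 is modelled).
func CheckSizeVulnerable(length int32, huffman bool) error {
	if huffman {
		length = (length * 4) / 3 // wraps once length exceeds MaxInt32/4
	}
	if length > MaxHeaderSize {
		return ErrTooLarge
	}
	return nil
}

// CheckSizeFixed rejects out-of-range lengths before any arithmetic and does
// the allowance in 64-bit, so no input can pass the check by wrapping.
func CheckSizeFixed(length int32, huffman bool) error {
	if length < 0 || length > MaxHeaderSize {
		return ErrTooLarge
	}
	if huffman && int64(length)*4/3 > int64(MaxHeaderSize) {
		return ErrTooLarge
	}
	return nil
}

// HeaderAccepted parses a string-literal header and applies check; true means
// a decoder using that check would go on to allocate for the declared length.
func HeaderAccepted(hdr []byte, check func(int32, bool) error) (bool, error) {
	length, _, err := DecodeInteger(hdr, 7)
	if err != nil {
		return false, err
	}
	return check(length, hdr[0]&0x80 != 0) == nil, nil
}
```

A declared length of 0x60000000 with the H bit set encodes to six bytes (ff 81 ff ff ff 05); multiplied by 4 in int32 it becomes -2147483648, divides to a negative number, and the vulnerable check accepts it, while the same length without the H bit is rejected, which matches the page's note that the flaw needs both a large length and Huffman encoding. The hardened check compares the raw length against the limit first, so the allowance never runs on a value that could overflow.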
The Hacker News (added 2023/10/10 3:24 p.m., 76 views)

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999
Exploits 19

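The CVE-2023-44487 entries above agree on the shape of the mitigation: a client may cancel streams, but one connection's cancellations must be bounded, and a connection that exceeds the bound is closed rather than served. The Go program below is an added example for this page, not code from nghttp2, netty, Kestrel or any other project listed here. The token-bucket parameters (a burst of 100 resets, 10 per second sustained) and the two constructed traffic patterns are this example's assumptions, chosen to make the contrast between a browser and a Rapid Reset client visible.

```go
package main

import "time"

// RFC 9113 frame types the limiter cares about.
const FrameHeaders, FrameRstStream uint8 = 0x1, 0x3

type Frame struct {
	Type     uint8
	StreamID uint32
	At       time.Time
}

// ResetLimiter is a per-connection token bucket over stream cancellations
// (HEADERS followed by RST_STREAM). Cancelling is legitimate, so it is
// budgeted rather than banned: a burst allowance plus a sustained rate.
type ResetLimiter struct {
	burst, rate, tokens float64         // rate is resets refilled per second
	last                time.Time       // zero until the first frame arrives
	open                map[uint32]bool // streams the server started work on
	Cancelled           int             // resets accepted so far
}

func NewResetLimiter(burst int, ratePerSec float64) *ResetLimiter {
	return &ResetLimiter{burst: float64(burst), rate: ratePerSec,
		tokens: float64(burst), open: map[uint32]bool{}}
}

// Observe accounts for one frame. It returns false once the connection has
// spent its budget and should get GOAWAY(ENHANCE_YOUR_CALM) and a close.
func (l *ResetLimiter) Observe(f Frame) bool {
	if f.At.After(l.last) { // refill for elapsed time, capped at the burst
		l.tokens += f.At.Sub(l.last).Seconds() * l.rate
		if l.tokens > l.burst {
			l.tokens = l.burst
		}
		l.last = f.At
	}
	switch f.Type {
	case FrameHeaders:
		l.open[f.StreamID] = true // request parsing and dispatch start here
	case FrameRstStream:
		if !l.open[f.StreamID] {
			return true // nothing was started for this stream, nothing wasted
		}
		delete(l.open, f.StreamID)
		if l.tokens < 1 {
			return false
		}
		l.tokens--
		l.Cancelled++
	}
	return true
}

// Simulate feeds a frame sequence to a fresh limiter and reports how many
// cancellations were accepted and whether the connection got closed.
func Simulate(frames []Frame, burst int, ratePerSec float64) (accepted int, closed bool) {
	l := NewResetLimiter(burst, ratePerSec)
	for _, f := range frames {
		if !l.Observe(f) {
			return l.Cancelled, true
		}
	}
	return l.Cancelled, false
}

var epoch = time.Date(2023, 10, 10, 0, 0, 0, 0, time.UTC)

// RapidResetTraffic is a constructed attack: n client streams (odd IDs),
// each opened with HEADERS and cancelled 10 µs later.
func RapidResetTraffic(n int) []Frame {
	frames := make([]Frame, 0, 2*n)
	at := epoch
	for i := 0; i < n; i++ {
		id := uint32(2*i + 1)
		frames = append(frames, Frame{FrameHeaders, id, at},
			Frame{FrameRstStream, id, at.Add(10 * time.Microsecond)})
		at = at.Add(20 * time.Microsecond)
	}
	return frames
}

// LegitimateTraffic is a constructed browser-like session: 40 requests over
// two seconds, every tenth one cancelled as the user navigates away.
func LegitimateTraffic() []Frame {
	var frames []Frame
	at := epoch
	for i := 0; i < 40; i++ {
		id := uint32(2*i + 1)
		frames = append(frames, Frame{FrameHeaders, id, at})
		if i%10 == 9 {
			frames = append(frames, Frame{FrameRstStream, id, at.Add(time.Millisecond)})
		}
		at = at.Add(50 * time.Millisecond)
	}
	return frames
}
```

Run Simulate over the two constructed sequences with a burst of 100 and a rate of 10 per second: the browser session (4 cancellations in two seconds) is never closed, while the attack is cut off at its 101st reset, about 2 ms in, however many more HEADERS/RST_STREAM pairs follow. A budget like this still lets one connection extract work at the sustained rate, so it complements, rather than replaces, limits on connections per client and the server's own per-stream work caps.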