4433 matches found
Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11,...
Apache Tomcat 8.5.0 < 8.5.94 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.94. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.94security-8 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...
Apache Tomcat 9.0.0.M1 < 9.0.81 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.81security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...
FreeBSD : h2o -- HTTP/2 Rapid Reset attack vulnerability (bf545001-b96d-42e4-9d2e-60fdee204a43)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf545001-b96d-42e4-9d2e-60fdee204a43 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellati...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
PT-2023-25586 · Eclipse +6 · Eclipse Jetty +8
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.0.0 through 9.4.52; Eclipse Jetty versions 10.0.0 through 10.0.15; Eclipse Jetty versions 11.0.0 through 11.0.15. Description: The issue is caused by an integer overflow in MetaDataBuilder.checkSize, allowing HTTP/2 HPAC...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
HTTP/2 Stream Cancellation Attack
HTTP/2 Rapid reset attack: The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way; the client may do it unilaterally. The clie...
Ubuntu 22.04 LTS / 23.04 : .NET vulnerability (USN-6427-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6427-1 advisory. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a...
KB5031364: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
Fixed in Apache Tomcat 10.1.14
Important: Request smuggling (CVE-2023-45648). Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
h2o -- HTTP/2 Rapid Reset attack vulnerability
Kazuo Okuhu reports: H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack...
KB5031356: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031356. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031354: Windows 11 version 22H2 Security Update (October 2023)
The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031362: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2023)
The remote Windows host is missing security update 5031362. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031361: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2023)
The remote Windows host is missing security update 5031361. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
KB5031358: Windows 11 version 21H2 Security Update (October 2023)
The remote Windows host is missing security update 5031358. It is, therefore, affected by multiple vulnerabilities: - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Recent assessments: Assessed Attacker Value: 0...
CVE-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...