
4433 matches found

Tenable Nessus
added 2023/10/10 12:0 a.m. · 55 views

Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.14_security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11,...

CVSS 7.5 · AI score 7.3 · EPSS 0.99999
Exploits: 21 · References: 7
Tenable Nessus
added 2023/10/10 12:0 a.m. · 156 views

Apache Tomcat 8.5.0 < 8.5.94 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.94. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.94_security-8 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits: 21 · References: 9
Tenable Nessus
added 2023/10/10 12:0 a.m. · 173 views

Apache Tomcat 9.0.0.M1 < 9.0.81 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.81. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.81_security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, fro...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits: 21 · References: 9
Tenable Nessus
added 2023/10/10 12:0 a.m. · 52 views

FreeBSD : h2o -- HTTP/2 Rapid Reset attack vulnerability (bf545001-b96d-42e4-9d2e-60fdee204a43)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf545001-b96d-42e4-9d2e-60fdee204a43 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellati...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits: 19 · References: 3
Debian CVE
added 2023/10/10 12:0 a.m. · 103 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 8.2 · EPSS 0.99999
Exploits: 19
Positive Technologies
added 2023/10/10 12:0 a.m. · 16 views

PT-2023-25586 · Eclipse +6 · Eclipse Jetty +8

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.0.0 through 9.4.52; Eclipse Jetty versions 10.0.0 through 10.0.15; Eclipse Jetty versions 11.0.0 through 11.0.15. Description: The issue is caused by an integer overflow in MetaDataBuilder.checkSize, allowing HTTP/2 HPAC...

CVSS 7.5 · AI score 6.8 · EPSS 0.99999
Exploits: 31 · References: 131
Vulnrichment
added 2023/10/10 12:0 a.m. · 41 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AI score 7.9 · EPSS 0.99999
Exploits: 19 · References: 144
GitLab Advisory Database
added 2023/10/10 12:0 a.m. · 53 views

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack: The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way; the client may do it unilaterally. The clie...

CVSS 7.5 · AI score 8.2 · EPSS 0.99999
Exploits: 19 · References: 181 · Affected Software: 1
Tenable Nessus
added 2023/10/10 12:0 a.m. · 45 views

Ubuntu 22.04 LTS / 23.04 : .NET vulnerability (USN-6427-1)

The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6427-1 advisory. It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a...

CVSS 7.5 · AI score 7.2 · EPSS 0.99999
Exploits: 19 · References: 2
Tenable Nessus
added 2023/10/10 12:0 a.m. · 49 views

KB5031364: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 20 · References: 80
Apache Tomcat
added 2023/10/10 12:0 a.m. · 75 views

Fixed in Apache Tomcat 10.1.14

Important: Request smuggling (CVE-2023-45648). Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...

CVSS 7.5 · AI score 7.7 · EPSS 0.99999
Exploits: 21 · Affected Software: 1
UbuntuCve
added 2023/10/10 12:0 a.m. · 424 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 7 · EPSS 0.99999
Exploits: 19 · References: 31
FreeBSD
added 2023/10/10 12:0 a.m. · 76 views

h2o -- HTTP/2 Rapid Reset attack vulnerability

Kazuo Okuhu reports: H2O is vulnerable to the HTTP/2 Rapid Reset attack. An attacker might be able to consume more than adequate amount of processing power of h2o and the backend servers by mounting the attack...

CVSS 7.5 · AI score 7 · EPSS 0.99999
Exploits: 19 · References: 1
Tenable Nessus
added 2023/10/10 12:0 a.m. · 453 views

KB5031356: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031356. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 20 · References: 74
Tenable Nessus
added 2023/10/10 12:0 a.m. · 294 views

KB5031354: Windows 11 version 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 20 · References: 76
Tenable Nessus
added 2023/10/10 12:0 a.m. · 368 views

KB5031362: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2023)

The remote Windows host is missing security update 5031362. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 19 · References: 71
Tenable Nessus
added 2023/10/10 12:0 a.m. · 209 views

KB5031361: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2023)

The remote Windows host is missing security update 5031361. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 20 · References: 79
Tenable Nessus
added 2023/10/10 12:0 a.m. · 328 views

KB5031358: Windows 11 version 21H2 Security Update (October 2023)

The remote Windows host is missing security update 5031358. It is, therefore, affected by multiple vulnerabilities - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through...

CVSS 9.8 · AI score 7.6 · EPSS 0.99999
Exploits: 20 · References: 76
ATTACKERKB
added 2023/10/10 12:0 a.m. · 574 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker Value: 0...

CVSS 7.5 · AI score 6.4 · EPSS 0.99999
In wild · Exploits: 20 · References: 147
AlpineLinux
added 2023/10/10 12:0 a.m. · 63 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 8.5 · EPSS 0.99999
Exploits: 19 · References: 175