Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...

Moderate: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Denial Of Service (DoS)

github.com/traefik/traefik is vulnerable to denial of service. The vulnerability exists during the closing of HTTP/2 connections which could hang forever because of a subsequent fatal error resulting in an application crash...

CVE-2022-39271

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

Code injection

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

CVE-2022-39271

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

Medium: golang

Issue Overview: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 Affected Packages: golang Note: This advisory is applicable to Amazon...

Amazon Linux 2 : golang (ALAS-2022-1851)

The version of golang installed on the remote host is prior to 1.18.6-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1851 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can...

CVE-2022-39271 Traefik HTTP/2 connections management could cause a denial of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

CVE-2022-39271 Traefik HTTP/2 connections management could cause a denial of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

CVE-2022-39271 Traefik HTTP/2 connections management could cause a denial of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

Traefik HTTP/2 connections management could cause a denial of service

Impact There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. Patches Traefik v2.8.x:...

GHSA-C6HX-PJC3-7FQR Traefik HTTP/2 connections management could cause a denial of service

Impact There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. Patches Traefik v2.8.x:...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.7 Security update (Important) (RHSA-2022:6822)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6822 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud

Summary There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Some HTTP/2...

Denial Of Service (DoS)

eap7 is vulnerable to denial of service. The vulnerability exists because the lack of handling by the browser over HTTP/2 may cause overhead or application crashes. This flaw exists because of an incomplete fix for CVE-2021-3629...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server...