4433 matches found
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Updated golang packages fix security vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. (CVE-2022-27664) JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path...
OPENSUSE-SU-2022:10132-1 Security update for lighttpd
This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.66: a number of bug fixes; Fix HTTP/2 downloads >= 4GiB; Fix SIGUSR1 graceful restart with TLS; further bug fixes; CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358) I...
Security update for lighttpd (moderate)
openSUSE Security Update: Security update for lighttpd; Announcement ID: openSUSE-SU-2022:10132-1; Rating: moderate; References: 1203358; Cross-References: CVE-2022-37797; CVSS scores: CVE-2022-37797 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2022-37797 (SUSE): 7.5...
GLSA-202209-26 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-26 Go: Multiple Vulnerabilities - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal...
RHEL 7 : httpd24-httpd (RHSA-2022:6753)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6753 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...
Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing
Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peake...
GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2
HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service...
[SECURITY] Fedora 37 Update: nghttp2-1.49.0-1.fc37
This package contains the HTTP/2 client, server and proxy programs...
Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux
Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Windows
Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Jenkins LTS < 2.361.1 / Jenkins weekly < 2.363
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.361.1 or Jenkins weekly prior to 2.363. It is, therefore, affected by a vulnerability: - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid...
CVE-2022-27664
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
GHSA-69CG-P879-7622 golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
AZL-52863 CVE-2022-27664 affecting package golang for versions less than 1.18.8-1
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Code injection
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...