CVE-2022-27664
CVE-2022-27664 affects Go’s net/http implementation: HTTP/2 connections can hang during closing when shutdown is preempted by a fatal error in Go versions prior to 1.18.6 and 1.19.x prior to 1.19.1, enabling denial of service. Affected component: net/http/HTTP2 handling. Impact described as a den...
CVE-2022-27664
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
go -- multiple vulnerabilities
The Go project reports: net/http: handle server errors after sending GOAWAY. A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. net/url: JoinPath does...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)
The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)
The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...
CVE-2022-1259
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629...
Design/Logic Flaw
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629...
CVE-2022-1259
CVE-2022-1259 is an Undertow-related denial-of-service issue. The root cause is an incomplete fix for CVE-2021-3629, causing potential DoS from HTTP/2 flow-control handling. Connected documents (Nessus plugin references and IBM/Red Hat advisories) confirm this in context of Undertow and note that...
Debian dla-3079 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3079 advisory. Debian LTS Advisory DLA-3079-1...
[SECURITY] [DLA 3079-1] jetty9 security update
Debian LTS Advisory DLA-3079-1; https://www.debian.org/lts/security/; Markus Koschany; August 22, 2022; https://wiki.debian.org/LTS. Package: jetty9. Version: 9.4.16-0+deb10u2. CVE ID: CVE-2022-2047, CVE-2022-2048. Two security vulnerabilities were discovered in Jetty, a Jav...
Improper Input Validation
trafficserver is vulnerable to improper input validation. The vulnerability exists in HTTP/2 header parsing of Apache Traffic Server, which allows an attacker to smuggle requests...
Improper Input Validation
trafficserver is vulnerable to improper input validation. The vulnerability exists in HTTP/2 frame handling of Apache Traffic Server, which allows an attacker to smuggle requests...
Privilege Escalation
trafficserver is vulnerable to privilege escalation. The vulnerability exists due to improper input validation of HTTP/2 requests, allowing an attacker to carry out request smuggling or cache poisoning attacks through malicious HTTP/2 requests...
GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities) - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP...
Apache Traffic Server (ATS) 8.0.0 <= 8.1.4, 9.0.0 <= 9.1.2 Multiple Vulnerabilities
Apache Traffic Server (ATS) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...