4432 matches found
Denial Of Service (DoS)
eap7 is vulnerable to denial of service. The vulnerability exists due to the insecure way of handling the browser over HTTP/2, allowing an attacker to cause an application crash...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8 (Moderate) (RHSA-2021:4677)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4677 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Mozilla Firefox Security Advisory (MFSA2015-44) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2015-142) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Ddosify - High-performance Load Testing Tool
Features: Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation: ddosify is available via...
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
I've written this issue up fully here: https://portswigger.net/research/http2request In case it's useful, here's the original report as sent to Apache: I'd like to report a vulnerability in Apache mod_proxy when used with HTTP/2 enabled. It fails to reject HTTP requests that contain spaces in the...
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
The plugin has a bug that allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php. curl --referer "something" -sIXGET https://example.com/wp-admin/options.php HTTP/2 302 ... location:...
Debian: Security Advisory (DLA-2786-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2786-1] nghttp2 security update
Debian LTS Advisory DLA-2786-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky October 16, 2021 https://wiki.debian.org/LTS -...
Amazon Linux AMI : httpd24 (ALAS-2021-1543)
The version of httpd24 installed on the remote host is prior to 2.4.51-1.94. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1543 advisory. A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity...
Debian DLA-2786-1 : nghttp2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2786 advisory. - nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial ...
SUSE SLES15: apache2 / apache2-devel / apache2-doc / apache2-prefork / etc (SUSE-SU-2021:3335-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3335-1 advisory. - CVE-2021-40438: Fixed a SSRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-36160: Fixed an out-of-bounds read via a crafte...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)
Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A denial of service vulnerability exists in Apache HTTP Server version 2.4.49, which arises from the detection of new null pointer...
Updated apache packages fix security vulnerabilities
The updated packages fix security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in...
Denial Of Service (DoS)
apache2 is vulnerable to denial of service. The vulnerability exists due to a null pointer dereference during HTTP/2 request processing...
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities: - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the serve...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...