CVE-2019-9515

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2021-39240

A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from...

Ubuntu: Security Advisory (USN-5042-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-39240

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...

CVE-2021-39240

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the routing rule...

CVE-2021-39240

CVE-2021-39240 affects HAProxy versions before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Root cause: the scheme and path portions of a URI are not guaranteed to contain expected characters, allowing authority mismatches and potential information exposure. Connected advisories (Astra Linux,...

USN-5042-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

Input validation

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

CVE-2021-33193 describes a vulnerability in Apache HTTP Server where a crafted HTTP/2 method can bypass validation and be forwarded by mod_proxy, potentially enabling request splitting or cache poisoning. The issue affects Apache httpd versions 2.4.17 through 2.4.48. Connected advisories and noti...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

Privilege Escalation

apache2 is vulnerability to privilege escalation. An attacker may exploit the vulnerability by sending a crafted method through HTTP/2 which will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning...

CVE-2021-33193

A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity. Mitigation This flaw can be mitigated by disabling HTTP/2. More information available at:...

CentOS 8 : varnish:6 (CESA-2021:2988)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2988 advisory. - varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request CVE-2021-36740 Note that Nessus has not tested for this issue bu...

RHEL 8 : varnish:6 (RHSA-2021:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2988 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...

RHEL 7 : rh-varnish6-varnish (RHSA-2021:2993)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2993 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...