CVE-2021-32567

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

Input validation

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2021-32566

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

Input validation

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2021-32567

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2021-32567

CVE-2021-32567 is an HTTP/2 input-validation vulnerability in Apache Traffic Server that can cause denial of service. Affected are ATS versions 7.0.0–7.1.12, 8.0.0–8.1.1, and 9.0.0–9.0.1. The core issue is improper input validation in HTTP/2 handling, leading to server DOS conditions. The connect...

CVE-2021-32567

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2021-32566

Apache Traffic Server is affected by CVE-2021-32566 (Improper Input Validation in HTTP/2) which can lead to denial of service. The vulnerability affects ATS versions 7.0.0–7.1.12, 8.0.0–8.1.1, and 9.0.0–9.0.1. Evidence from multiple sources confirms the issue and its impact on availability (NVD C...

CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

CVE-2021-32566

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...

USN-4866-1: Netty vulnerabilities

It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518...

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests...

FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)

The Apache httpd reports : - moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 - moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 - low: modproxyhttp NULL pointer dereference CVE-2020-13950 - low: modauthdigest possible stack overflow by one nul...

Amazon Linux 2 : httpd (ALAS-2021-1672)

The version of httpd installed on the remote host is prior to 2.4.46-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1672 advisory. A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this fl...

Apache Tomcat 10.0.0.M1 < 10.0.0.M7 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M7. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m7security-10 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 ...

Apache Tomcat 10.0.0.M1 < 10.0.0.M8

The version of Tomcat installed on the remote host is prior to 10.0.0.M8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.0-m8security-10 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to...

Apache Tomcat 10.0.0.M1 < 10.0.0.M6

The version of Tomcat installed on the remote host is prior to 10.0.0.M6. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.0.0-m6security-10 advisory. - A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 t...

SUSE SLED12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2021:2006-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2006-1 advisory. - fixed CVE-2021-30641 bsc1187174: MergeSlashes regression - fixed CVE-2021-31618 bsc1186924: NULL pointer dereference on...

Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...

Important: httpd

Issue Overview: A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows CVE-2020-13938 A flaw was found In Apache httpd. The modproxy has a NULL...