4432 matches found
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
CVE-2020-11996
CVE-2020-11996 affects Apache Tomcat versions 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35, and 8.5.0 to 8.5.55, where a specially crafted sequence of HTTP/2 requests could trigger high CPU and make the server unresponsive. Multiple connected advisories confirm this DoS through HTTP/2 traffic. Publ...
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
CVE-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
Denial Of Service (DoS)
tomcat-coyote is vulnerable to denial of service DoS. The vulnerability is caused due to lack of proper handling of sequence of HTTP/2 requests, leading to a high CUP consumption and an application crash...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2020-1709)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerability fixed in Apache Tomcat
A vulnerability has been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerability to cause a Denial-of-Service on the Tomcat server. To do this the malicious party needs to send a specially crafted HTTP/2 request to the server. This request causes an increased CPU loa...
Apache Traffic Server (ATS) HTTP/2 DoS Vulnerability
Apache Traffic Server is prone to a denial of service vulnerability due to certain types of HTTP/2 HEADERS frames can cause the server to allocate a large amount of memory and spin the thread. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced...
Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
ALSA-2020:2755 Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
nghttp2 security update
An update is available for nghttp2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libnghttp2 is a library implementing the Hypertext Transfer Protocol version ...
RLSA-2020:2755 Important: nghttp2 security update
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
EulerOS Virtualization for ARM 64 3.0.6.0 : haproxy (EulerOS-SA-2020-1709)
According to the version of the haproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can writ...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
Design/Logic Flaw
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
CVE-2020-9494
CVE-2020-9494 affects Apache Tomcat across multiple branches and versions: 7.0.0–7.0.107, 8.5.0–8.5.61, 9.0.0-M1–9.0.41, and 10.0.0-M1–10.0.0. The issue stems from handling of HTTP/2 HEADERS frames that can cause excessive memory allocation and thread spinning. Connected advisories note the fix f...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...
CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...