
4432 matches found

FreeBSD
added 2020/06/24 12:00 a.m., 34 views

trafficserver -- resource consumption

Bryan Call reports: ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread...

CVSS 7.5, AI score 2.7, EPSS 0.03909
Exploits 0, References 1
OpenVAS
added 2020/06/23 12:00 a.m., 31 views

Fedora: Security Advisory for nghttp2 (FEDORA-2020-f7d15c8b77)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 8.3, EPSS 0.05316
Exploits 0, References 2
RedHat Linux
added 2020/06/22 1:08 p.m., 3 views

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

CVSS 5.3, AI score 7, EPSS 0.193
Exploits 0, References 6
RedhatCVE
added 2020/06/18 3:55 p.m., 44 views

CVE-2020-11767

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection negotiated with SNI over HTTPS to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the servers listening behind *.example.com. The outcome shoul...

CVSS 2.6, AI score 1, EPSS 0.01774
Exploits 1, References 4
Fedora
added 2020/06/18 1:01 a.m., 38 views

[SECURITY] Fedora 31 Update: nghttp2-1.41.0-1.fc31

This package contains the HTTP/2 client, server and proxy programs...

CVSS 7.5, AI score 2.3, EPSS 0.05316
Exploits 0
Friends Of PHP
added 2020/06/16 8:55 p.m., 11 views

Header leakage on cross-domain redirects

This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...

AI score 7
Exploits 0, Affected Software 1
Apache Httpd
added 2020/06/16 12:00 a.m., 130 views

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate...

CVSS 7.5, AI score 8.6, EPSS 0.58716
Exploits 2, Affected Software 1
Github Security Blog
added 2020/06/15 6:51 p.m., 57 views

Apache Tomcat Denial of Service vulnerability

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

CVSS 7.5, AI score 7.5, EPSS 0.72855
Exploits 0, References 59, Affected Software 2
OpenVAS
added 2020/06/14 12:00 a.m., 47 views

openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2020:0802-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 7.2, EPSS 0.07646
Exploits 3, References 2
Tenable Nessus
added 2020/06/12 12:00 a.m., 45 views

FreeBSD : Node.js -- June 2020 Security Releases (11fcfa8f-ac64-11ea-9dab-000d3ab229d6)

Node.js reports: Updates are now available for all supported Node.js release lines for the following issues. TLS session reuse can lead to host certificate verification bypass (High, CVE-2020-8172): The 'session' event could be emitted before the 'secureConnect' event. It should not be, because the...

CVSS 9.3, AI score 7.2, EPSS 0.07646
Exploits 2, References 6
Mageia
added 2020/06/10 11:59 p.m., 56 views

Updated nghttp2 packages fix security vulnerability

nghttp2 has been updated to version 1.41.0 to fix CVE-2020-11080. The overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and...

CVSS 7.5, AI score 4, EPSS 0.05316
Exploits 0, References 1
OSV
added 2020/06/09 12:17 p.m., 7 views

SUSE-SU-2020:1576-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-7598: Fixed an issue which...

CVSS 9.3, AI score 7, EPSS 0.07646
Exploits 3, References 7
OpenVAS
added 2020/06/09 12:00 a.m., 33 views

nghttp2 < 1.41.0 DoS Vulnerability

nghttp2 is prone to a denial of service vulnerability when receiving an overly large HTTP/2 SETTINGS frame payload. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 7.5, AI score 7.9, EPSS 0.05316
Exploits 0, References 1
RedhatCVE
added 2020/06/08 4:24 a.m., 30 views

CVE-2020-11080

A resource consumption vulnerability was found in nghttp2. This flaw allows an attacker to repeatedly construct an overly large HTTP/2 SETTINGS frame with a length of 14,400 bytes that causes excessive CPU usage, leading to a denial of service...

CVSS 5, AI score 3.6, EPSS 0.05316
Exploits 0, References 4
Apache Tomcat
added 2020/06/07 12:00 a.m., 65 views

Fixed in Apache Tomcat 8.5.56

Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit c8acd2ab. Thi...

CVSS 7.5, AI score 7.5, EPSS 0.26699
Exploits 0, Affected Software 1
Apache Tomcat
added 2020/06/07 12:00 a.m., 71 views

Fixed in Apache Tomcat 9.0.36

Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit 9a023168. Thi...

CVSS 7.5, AI score 7.5, EPSS 0.26699
Exploits 0, Affected Software 1
Apache Tomcat
added 2020/06/07 12:00 a.m., 60 views

Fixed in Apache Tomcat 10.0.0-M6

Important: HTTP/2 DoS CVE-2020-11996 A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. This was fixed with commit 9434a44d. Thi...

CVSS 7.5, AI score 7.5, EPSS 0.26699
Exploits 0, Affected Software 1
Veracode
added 2020/06/05 3:23 a.m., 30 views

Denial Of Service (DoS)

libnghttp2.so is vulnerable to Denial of Service (DoS). An attacker can send overly large HTTP/2 SETTINGS frames with a length of 14,400 bytes (2400 individual settings entries) over and over again, causing 100% CPU usage and eventually a crash...

CVSS 7.5, AI score 2.8, EPSS 0.05316
Exploits 0, References 16, Affected Software 14
CNVD
added 2020/06/04 12:00 a.m., 6 views

Unspecified Vulnerability in Nghttp2

Nghttp2 is a C library for implementing HTTP/2 from the Nghttp2 community. A security vulnerability exists in Nghttp2 versions prior to 1.41.0, which can be exploited to cause a denial of service by an attacker with a malicious client constructing a 14,400-byte long SETTINGS frame...

CVSS 7.5, AI score 7.3, EPSS 0.05316
Exploits 0, References 1
NVD
added 2020/06/03 11:15 p.m., 19 views

CVE-2020-11080

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes th...

CVSS 7.5, AI score 6, EPSS 0.05316
Exploits 0, References 14