5 matches found

OSV
added 2020/06/15 6:51 p.m. | 3 views

GHSA-QCXH-W3J9-58QR Apache Tomcat Denial of Service vulnerability

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

CVSS 7.5 | AI score 7.1 | EPSS 0.65581
Exploits: 0 | References: 59
Tenable Nessus
added 2019/12/05 12:0 a.m. | 34 views

openSUSE Security Update : haproxy (openSUSE-2019-2645)

This update for haproxy to version 2.0.10 fixes the following issues : HAProxy was updated to 2.0.10 Security issues fixed : - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...

CVSS 7.5 | AI score 6.8 | EPSS 0.02818
Exploits: 1 | References: 6
OPENSUSE Linux
added 2019/12/04 12:0 a.m. | 124 views

Security update for haproxy (important)

openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:2645-1 Rating: important References: 1082318 1154980 1157712 1157714 Cross-References: CVE-2019-18277 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has three fixes is now...

CVSS 7.5 | AI score 6.8 | EPSS 0.02818
Exploits: 1 | References: 4
OSV
added 2019/11/29 4:21 p.m. | 2 views

SUSE-SU-2019:3125-1 Security update for haproxy

This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...

CVSS 7.5 | AI score 7.9 | EPSS 0.02818
Exploits: 1 | References: 6
Veracode
added 2019/06/21 5:42 a.m. | 32 views

Denial Of Service (DoS)

tomcat-coyote/tomcat-embed-core is vulnerable to denial of service. The vulnerability exists due to an incomplete fix of CVE-2019-0199 which is due to the lack of timeout idling streams and keeping the idle streams open without any read/write and request/response data...

CVSS 7.5 | AI score 7.3 | EPSS 0.713
Exploits: 0 | References: 29 | Affected Software: 9