Lucene search
+L

18 matches found

OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2979 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/30 1:42 a.m.9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References6
OSV
OSV
added 2026/06/28 2:16 a.m.4 views

DEBIAN-CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2026/06/28 2:16 a.m.4 views

UBUNTU-CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.38 views

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.8 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/06/28 1:32 a.m.3 views

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References5
CVE
CVE
added 2026/06/28 1:32 a.m.120 views

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content- Length header and body onto reusable keep-alive backend...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-53087

Name of the Vulnerable Software and Affected Versions nghttp2 nghttpx versions prior to 1.69.0 Description The nghttpx proxy forwards HTTP/1.1 Upgrade requests that contain a Content-Length header and body onto reusable keep-alive backend connections. During this process, it re-adds the Upgrade a...

6.3CVSS6AI score0.00202EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2021/03/01 12:0 a.m.31 views

openSUSE Security Update : nghttp2 (openSUSE-2021-341)

This update for nghttp2 fixes the following issues : nghttp2 was update to version 1.40.0 bsc1166481 - lib: Add nghttp2checkauthority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of stati...

9.8CVSS7.3AI score0.02457EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/02/25 12:0 a.m.33 views

Security update for nghttp2 (moderate)

openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2021:0341-1 Rating: moderate References: 1159003 1166481 Cross-References: CVE-2019-18802 CVSS scores: CVE-2019-18802 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18802 SUSE: 7.5...

7.5CVSS7.8AI score0.02457EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/03/25 12:0 a.m.60 views

Security update for nghttp2 (moderate)

openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2020:0379-1 Rating: moderate References: 1159003 1166481 Cross-References: CVE-2019-18802 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...

9.8CVSS7.5AI score0.02457EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/03/20 12:0 a.m.25 views

SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2020:0722-1)

This update for nghttp2 fixes the following issues : nghttp2 was update to version 1.40.0 bsc1166481 lib: Add nghttp2checkauthority as public API lib: Fix the bug that stream is closed with wrong error code lib: Faster huffman encoding and decoding build: Avoid filename collision of static and...

9.8CVSS7.3AI score0.02457EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.46 views

FreeBSD : nghttp2 -- multiple vulnerabilities (121fec01-c042-11e9-a73f-b36f5969f162) (Data Dribble) (Resource Loop)

nghttp2 GitHub releases : This release fixes CVE-2019-9511 'Data Dribble' and CVE-2019-9513 'Resource Loop' vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out...

7.8CVSS7.8AI score0.82017EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2019/08/13 12:0 a.m.97 views

nghttp2 -- multiple vulnerabilities

nghttp2 GitHub releases: This release fixes CVE-2019-9511 "Data Dribble" and CVE-2019-9513 "Resource Loop" vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out...

7.8CVSS1.1AI score0.82017EPSS
Exploits0References2
Rows per page
Query Builder