Lucene search
K

181 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-33193

A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...

9.1CVSS7AI score0.46179EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2023/02/09 9:28 a.m.2 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/02/07 4:58 p.m.2 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
OSV
OSV
added 2023/01/06 11:4 a.m.3 views

OESA-2023-1021 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

7.5CVSS8.9AI score0.0227EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/10/25 9:7 a.m.2 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
OSV
OSV
added 2022/09/06 6:15 p.m.2 views

DEBIAN-CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS7.1AI score0.02607EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/06 6:15 p.m.2 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS7.2AI score0.02607EPSS
Exploits0References9
OSV
OSV
added 2022/08/26 4:15 p.m.3 views

UBUNTU-CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5CVSS7AI score0.01287EPSS
Exploits0References3
Snyk
Snyk
added 2022/07/15 11:8 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: An attacker can cause unbounded memory growth in servers accepting HTTP/2 requests. Remediation...

8.7CVSS6.8AI score0.03958EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.5 views

Eclipse Jetty 安全漏洞

Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that originates from an invalid HTTP/2 request that could result in a denial of service and affects the following products and versions:...

7.5CVSS7.2AI score0.0227EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2022/05/24 12:0 a.m.4 views

PT-2022-10500 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.0.40.Final Undertow versions prior to 2.2.11.Final Description: A flaw was found in Undertow, related to a potential security issue in flow control handling by the browser over HTTP/2, which may cause overhead or ...

5.9CVSS5.6AI score0.01175EPSS
Exploits0References13
OSV
OSV
added 2022/03/29 10:6 a.m.4 views

USN-5313-2 openjdk-lts regression

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...

5.3CVSS5.9AI score0.08346EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.8 views

Vmware VMware Spring Cloud Gateway 信任管理问题漏洞

Vmware VMware Spring Cloud Gateway is a gateway component from Vmware, Inc. A trust management issue vulnerability exists in VMware Spring Cloud Gateway that stems from a security bypass issue when using the HTTP2 insecure TrustManager. A local user can send a specially crafted request and connec...

5.5CVSS6.7AI score0.04846EPSS
Exploits0References4
OSV
OSV
added 2022/01/01 5:15 a.m.5 views

AZL-33571 CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2022/01/01 5:15 a.m.5 views

AZL-33607 CVE-2021-44716 affecting package libcontainers-common for versions less than 20210626-3

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5CVSS6.6AI score0.03958EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/12/16 4:38 p.m.1 views

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

7.5CVSS7.2AI score0.03958EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/04 5:3 p.m.3 views

Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

The Mozilla Foundation Security Advisory describes this flaw as: The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on...

6.5CVSS7.2AI score0.00805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/09/27 7:40 a.m.6 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

9.8CVSS7.3AI score0.37286EPSS
Exploits0References4
OSV
OSV
added 2021/08/17 5:1 p.m.4 views

USN-5042-1 haproxy vulnerabilities

It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...

5.3CVSS6AI score0.0177EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.1 views

tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

7.5CVSS7.2AI score0.26699EPSS
Exploits0References8
Rows per page
Query Builder