Lucene search
K

179 matches found

RedHat Linux
RedHat Linux
added 2021/02/11 1:51 p.m.4 views

tomcat: HTTP/2 request header mix-up

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...

7.5CVSS7.2AI score0.24622EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/01/07 11:49 a.m.6 views

tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...

7.5CVSS7.2AI score0.26699EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2020/11/11 12:0 a.m.5 views

Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service

...

7.5CVSS9.3AI score0.56262EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/11/04 1:44 a.m.2 views

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

5.3CVSS7.1AI score0.19404EPSS
Exploits0References4
CNVD
CNVD
added 2020/09/22 12:0 a.m.4 views

IBM DataPower Gateway Denial of Service Vulnerability (CNVD-2020-54936)

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...

7.5CVSS6.6AI score0.0224EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/08/04 11:31 a.m.4 views

tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS

A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...

7.5CVSS7.1AI score0.64124EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.6 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2020/07/01 12:0 a.m.3 views

PT-2020-13162 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier Description: The issue is related to excessive memory consumption when proxying HTTP/2 requests or responses with many small data frames. This occurs when the software handles a large number of...

7.5CVSS7.3AI score0.02364EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2020/04/28 3:37 p.m.1 views

haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

9.8CVSS5.8AI score0.03955EPSS
Exploits0References4
OSV
OSV
added 2020/04/27 10:15 p.m.1 views

DEBIAN-CVE-2020-9481

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...

7.5CVSS7.3AI score0.02387EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/07 7:44 p.m.46 views

haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes

A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...

8.8CVSS7.9AI score0.60727EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/04/06 7:28 p.m.3 views

httpd: memory corruption on early pushes

A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...

7.5CVSS7.1AI score0.14563EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/23 8:21 a.m.4 views

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.83433EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2019/12/19 5:37 p.m.3 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
CNVD
CNVD
added 2019/11/29 12:0 a.m.2 views

Unspecified Vulnerability in HAProxy

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides 4-layer , 7-layer proxy , and can support tens of thousands of level of connections , with high efficiency , stability and other characteristics . A security vulnerability exists in the...

9.8CVSS6.8AI score0.03955EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/26 8:1 p.m.3 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

7.8CVSS7.2AI score0.58373EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/11/26 7:57 p.m.2 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.4 views

httpd: mod_http2: possible crash on late upgrade

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

4.9CVSS7AI score0.08441EPSS
Exploits0References6
Rows per page
Query Builder