179 matches found
tomcat: HTTP/2 request header mix-up
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this...
tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become...
Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service
...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
IBM DataPower Gateway Denial of Service Vulnerability (CNVD-2020-54936)
IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...
tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability i...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
PT-2020-13162 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier Description: The issue is related to excessive memory consumption when proxying HTTP/2 requests or responses with many small data frames. This occurs when the software handles a large number of...
haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...
DEBIAN-CVE-2020-9481
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack...
haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...
httpd: memory corruption on early pushes
A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash...
HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
Unspecified Vulnerability in HAProxy
HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. The server provides 4-layer , 7-layer proxy , and can support tens of thousands of level of connections , with high efficiency , stability and other characteristics . A security vulnerability exists in the...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
httpd: mod_http2: possible crash on late upgrade
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...