Lucene search
K

363 matches found

RedHat Linux
RedHat Linux
added 2023/10/31 2:6 p.m.3 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2023/10/31 8:28 a.m.18 views

SUSE-SU-2023:4295-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190...

7.5CVSS8AI score0.99999EPSS
Exploits19References3
Debian
Debian
added 2023/10/30 8:10 p.m.35 views

[SECURITY] [DLA 3641-1] jetty9 security update

Debian LTS Advisory DLA-3641-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 30, 2023 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.50-4+deb10u1 CVE ID : CVE-2020-27218 CVE-2023-36478 CVE-2023-44487 Debian Bug : 976211 Two remotely exploitab...

7.5CVSS7.1AI score0.99999EPSS
Exploits20
Debian
Debian
added 2023/10/30 7:52 p.m.54 views

[SECURITY] [DSA 5540-1] jetty9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5540-1 [email protected] https://www.debian.org/security/ Markus Koschany October 30, 2023 https://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.99999EPSS
Exploits20
RedHat Linux
RedHat Linux
added 2023/10/30 1:3 p.m.5 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/30 1:3 p.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/30 1:3 p.m.93 views

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.1AI score0.99999EPSS
Exploits61References10
RedHat Linux
RedHat Linux
added 2023/10/30 11:24 a.m.6 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/30 11:10 a.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
OSV
OSV
added 2023/10/30 8:54 a.m.17 views

SUSE-SU-2023:4259-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. bsc1216272...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References5
RedHat Linux
RedHat Linux
added 2023/10/30 8:22 a.m.6 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/30 8:22 a.m.5 views

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/27 11:59 a.m.4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/27 11:58 a.m.7 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OpenVAS
OpenVAS
added 2023/10/27 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2023:4200-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References7
RedHat Linux
RedHat Linux
added 2023/10/26 1:25 p.m.5 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
RedHat Linux
RedHat Linux
added 2023/10/26 1:20 p.m.71 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP1 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
RedHat Linux
RedHat Linux
added 2023/10/26 1:20 p.m.3 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS6.7AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2023/10/26 8:24 a.m.20 views

SUSE-SU-2023:4207-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...

7.5CVSS7.8AI score0.99999EPSS
Exploits19References9
RedHat Linux
RedHat Linux
added 2023/10/25 5:59 p.m.61 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

7.5CVSS8.9AI score0.99999EPSS
Exploits19References45
Rows per page
Query Builder