363 matches found
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Important: Red Hat Security Advisory: Logging Subsystem 5.5.17 - Red Hat OpenShift security update
Logging Subsystem 5.5.17 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: RHACS 4.0 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
RHEL 9 : toolbox (RHSA-2023:6077)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6077 advisory. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with...
tomcat security update
1:9.0.62-5.2 - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update
Red Hat OpenShift Pipelines 1.12.1 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update
Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Important: Red Hat Security Advisory: Cost Management security update
An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update
This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: Node Maintenance Operator 5.0.1 security update
This is an updated version of the Node Maintenance Operator. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.2 release and security update
Red Hat AMQ Streams 2.2.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Important: Red Hat Security Advisory: varnish security update
An update for varnish is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
SUSE-SU-2023:4155-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...
ALSA-2023:5989 Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...