42 matches found
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/ Vendor Homepage: https://httpd.apache.org/ Software Link:...
CLSA-2026-1778129164 nghttp2: Fix of 2 CVEs
CVE-2023-35945: fix memory leak on RSTSTREAM followed by GOAWAY - CVE-2026-27135: fix iframe state validation to prevent assertion failure...
Exploit for Double Free in Apache Http_Server
CVE-2026-23918-test This repository contains a Proof of Concep...
Astra Linux - уязвимость в jetty9
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, and =12.1.0alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames. This can happen by sending frames that are malformed or should not be sent under certain stream conditions, thereby forcing the server to consume...
JLSEC-2026-2 Envoy is a cloud-native high-performance edge/middle/service proxy
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...
Jenkins LTS < 2.516.3 / Jenkins weekly < 2.528 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.516.3 or Jenkins weekly prior to 2.528. It is, therefore, affected by multiple vulnerabilities: - In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21,...
SUSE CVE-2025-5115
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RSTSTREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially craft...
CVE-2025-5115
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...
CVE-2025-5115
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...
UBUNTU-CVE-2025-5115
In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...
CVE-2025-5115
CVE-2025-5115 (MadeYouReset) is a protocol-level HTTP/2 vulnerability in Jetty affecting versions <= 9.4.57, <= 10.0.25, <= 11.0.25, <= 12.0.21,
Eclipse Jetty 安全漏洞
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.57 and earlier, 10.0.25 and earlier, 11.0.25 and earlier, 12.0.21 and earlier, and 12.1.0.alpha2 and earlier, which originat...
SUSE CVE-2023-35945
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RSTSTREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWA...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 and http2-rst-stream-attacker CVE-2023-4448...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...