69 matches found
PT-2026-33367
Name of the Vulnerable Software and Affected Versions spdystream versions prior to 0.5.1 Description The SPDY/3 frame parser fails to validate attacker-controlled counts and lengths before allocating memory. This occurs in three allocation paths: the SETTINGS frame entry count, the header count i...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
DEBIAN-CVE-2025-53506
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...
BIT-NODE-MIN-2020-11080 Denial of service in nghttp2
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...
BIT-NODE-2020-11080 Denial of service in nghttp2
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes 2400 individual settings entries over and over again. The attack causes th...
Rocky Linux 8 : nodejs:10 (RLSA-2020:2848)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2848 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : nghttp2 vulnerability (USN-6142-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6142-1 advisory. Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
Debian DLA-2786-1 : nghttp2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2786 advisory. - nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial ...
CVE-2021-39162
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary...
Caleb Doxsey pomerium 代码问题漏洞
Caleb Doxsey pomerium is a Caleb Doxsey open source application. An identity agent that allows secure access to internal applications. A code issue vulnerability exists in Pomerium that stems from the fact that the Envoy on which Pomerium is based may terminate abnormally if an H/2 GOAWAY and...
PT-2021-19926 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.18.4 Envoy versions prior to 1.19.1 Description: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, Envoy transitions a H/2 connecti...
SUSE: Security Advisory (SUSE-SU-2021:0931-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2021:0468-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2021:0931-1)
This update for nghttp2 fixes the following issues : CVE-2020-11080: HTTP/2 Large Settings Frame DoS bsc1181358 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as...
Security update for nghttp2 (important)
openSUSE Security Update: Security update for nghttp2 Announcement ID: openSUSE-SU-2021:0468-1 Rating: important References: 1172442 1181358 Cross-References: CVE-2020-11080 CVSS scores: CVE-2020-11080 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11080 SUSE: 7.5...