2 matches found
Jetty 10.0.6 HTTP/2 Stream Exhaustion Denial of Service
Jetty version 10.0.6 is vulnerable to a denial of service condition via HTTP/2 stream exhaustion. By opening and maintaining a large number of idle HTTP/2 streams, an attacker can exhaust server resources and cause the service to become unresponsive. This archive includes a Ruby Metasploit...
AZL-34682 CVE-2023-44487 affecting package etcd for versions less than 3.5.6-11
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...