2 matches found
CVE-2023-54365
Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...
www/varnish7 -- Denial of Service in HTTP/2
Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for th...