Dena H2o

10 matches found

CVE
added 2023/10/10 2:15 p.m. | 4447 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 7.5 | AI score 8 | EPSS 0.94375

CVE
added 2017/12/22 2:29 p.m. | 78 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/1 header.

CVSS 7.5 | AI score 7.2 | EPSS 0.01218

CVE
added 2022/02/01 1:15 p.m. | 57 views

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When ...

CVSS 7.4 | AI score 5.9 | EPSS 0.133

CVE
added 2017/12/22 2:29 p.m. | 56 views

CVE-2017-10869

Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.

CVSS 7.5 | AI score 7.4 | EPSS 0.01867

CVE
added 2017/12/22 2:29 p.m. | 56 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/2 header.

CVSS 7.5 | AI score 7.3 | EPSS 0.01336

CVE
added 2024/10/11 3:15 p.m. | 51 views

CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the ...

CVSS 7.5 | AI score 4.4 | EPSS 0.00447

CVE
added 2024/10/11 3:15 p.m. | 48 views

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by pack...

CVSS 7.5 | AI score 6.1 | EPSS 0.00125

CVE
added 2016/06/19 1:59 a.m. | 41 views

CVE-2016-4817

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.

CVSS 7.5 | AI score 8 | EPSS 0.07518

CVE
added 2023/12/12 8:15 p.m. | 40 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressiv...

CVSS 7.5 | AI score 5.6 | EPSS 0.00562

CVE
added 2017/05/12 6:29 p.m. | 39 views

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.

CVSS 7.5 | AI score 7.3 | EPSS 0.01598