Page 5 of 29 results (0.010 seconds)

CVSS: 7.8EPSS: 14%CPEs: 12EXPL: 0

CVE-2019-9512 – Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service

https://notcve.org/view.php?id=CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Algunas implementaciones de HTTP / 2 son vulnerables a las inundaciones de ping, lo que puede conducir a una denegación de servicio. El atacante envía pings continuos a un par HTTP / 2, haciendo que el par construya una cola interna de respuestas. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 79%CPEs: 55EXPL: 0

CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

https://notcve.org/view.php?id=CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una serie de secuencias y envía una solicitud no válida sobre cada secuencia que debería solicitar una secuencia de tramas RST_STREAM del par. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-11783

https://notcve.org/view.php?id=CVE-2018-11783

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. El plugin sslheaders extrae información del certificado del cliente y establece cabeceras en la petición en base a la configuración de dicho plugin. El plugin no elimina las cabeceras de la petición en algunos casos. • http://www.securityfocus.com/bid/107032 https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2018-8004

https://notcve.org/view.php?id=CVE-2018-8004

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. Hay múltiples problemas de "HTTP smuggling" y envenenamiento de caché cuando los clientes que realizan peticiones maliciosas interactúan con Apache Traffic Server (ATS). Esto afecta a las versiones desde la 6.0.0 hasta la 6.2.2 y desde la versión 7.0.0 hasta la 7.1.3. • https://github.com/mosesrenegade/CVE-2018-8004 http://www.securityfocus.com/bid/105192 https://github.com/apache/trafficserver/pull/3192 https://github.com/apache/trafficserver/pull/3201 https://github.com/apache/trafficserver/pull/3231 https://github.com/apache/trafficserver/pull/3251 https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2018/dsa-4282 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-8005

https://notcve.org/view.php?id=CVE-2018-8005

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. Cuando hay múltiples rangos en una petición de rango, Apache Traffic Server (ATS) leerá el objeto completo desde la caché. • http://www.securityfocus.com/bid/105187 https://github.com/apache/trafficserver/pull/3106 https://github.com/apache/trafficserver/pull/3124 https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2018/dsa-4282 • CWE-400: Uncontrolled Resource Consumption •