CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35720 – IBM Sterling External Authentication Server information disclosure
https://notcve.org/view.php?id=CVE-2022-35720
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. • https://www.ibm.com/support/pages/node/6890663 https://www.ibm.com/support/pages/node/6890669 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29728
https://notcve.org/view.php?id=CVE-2021-29728
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, contiene credenciales embebidas, como una contraseña o una clave criptográfica, que usa para su propia autenticación de entrada, una comunicación de salida con componentes externos o el cifrado de datos internos. IBM X-Force ID: 201160. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201160 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29723
https://notcve.org/view.php?id=CVE-2021-29723
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-ForceID: 201100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201100 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-29722
https://notcve.org/view.php?id=CVE-2021-29722
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. IBM Sterling Secure Proxy versiones 6.0.1, 6.0.2, 2.4.3.2 y 3.4.3.2, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 201095. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201095 https://www.ibm.com/support/pages/node/6484681 https://www.ibm.com/support/pages/node/6484685 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •