CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 76%CPEs: 25EXPL: 9CVE-2021-23017 – Nginx 1.20.0 - Denial of Service (DOS)
https://notcve.org/view.php?id=CVE-2021-23017
26 May 2021 — A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Se identificó un problema de seguridad en el solucionador de nginx, que podría permitir a un atacante que pueda falsificar paquetes UDP desde el servidor DNS para causar una sobrescritura de memoria de 1 byte, lo que causaría un bloqueo del proceso de trabajo u otro impacto potencia... • https://packetstorm.news/files/id/167720 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2020-11724 – Debian Security Advisory 4750-1
https://notcve.org/view.php?id=CVE-2020-11724
12 Apr 2020 — An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. Se detectó un problema en OpenResty versiones anteriores a 1.15.8.4. El archivo ngx_http_lua_subrequest.c permite un tráfico no autorizado de peticiones HTTP, como es demostrado por la API ngx.location.capture. USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu... • https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 43%CPEs: 1EXPL: 1CVE-2018-9230
https://notcve.org/view.php?id=CVE-2018-9230
02 Apr 2018 — In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of ... • https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •