CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 19CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2015-8852 – Debian Security Advisory 3553-1
https://notcve.org/view.php?id=CVE-2015-8852
22 Apr 2016 — Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. Varnish 3.x en versiones anteriores a 3.0.7, cuando se utiliza en ciertas instalaciones apiladas, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de r... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2013-4484 – Varnish Cache Denial of Service
https://notcve.org/view.php?id=CVE-2013-4484
31 Oct 2013 — Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. Vulnerablilidad en Varnish antes de 3.0.5 permite a atacantes remotos provocar una denegación de servicio (caída del proceso hijo y corte de caché temporal) a través de una solicitud GET con espacios en blanco finales y sin URI. If Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the... • https://packetstorm.news/files/id/123867 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •