Description
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Report
No versions of NGINX used in Red Hat products or services are vulnerable.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | nginx | Not affected | | |
| Red Hat Enterprise Linux 8 | nginx:1.22/nginx | Not affected | | |
| Red Hat Enterprise Linux 8 | nginx:1.24/nginx | Not affected | | |
| Red Hat Enterprise Linux 9 | nginx | Not affected | | |
| Red Hat Enterprise Linux 9 | nginx:1.22/nginx | Not affected | | |
| Red Hat Enterprise Linux 9 | nginx:1.24/nginx | Not affected | | |
| Red Hat Enterprise Linux 9 | nginx:1.26/nginx | Not affected | | |
| Red Hat Insights proxy 1 | insights-proxy/insights-proxy-container-rhel9 | Not affected | | |
Additional information
Status:
EPSS:
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the HTTP/2 protocol implementation of the BIG-IP Next application traffic protection and management software and of the BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes, BIG-IP, and F5 Silverline software products that allows an attacker to cause a denial of service
EPSS:
CVSS3: 7.5 High