Описание
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | not-affected | 8.0.5+ds-1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 8.0.5+ds-2 |
| esm-apps/jammy | not-affected | 8.0.5+ds-2 |
| esm-apps/noble | not-affected | 8.0.5+ds-2 |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
Уязвимость модуля HTTP/2 веб-сервера Apache Traffic Server, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных
EPSS
5 Medium
CVSS2
7.5 High
CVSS3