Количество 10
Количество 10
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size o ...
GHSA-w2qc-22jv-44g8
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
BDU:2023-07171
Уязвимость веб-сервера Apache HTTP Server, связанная с блокировкой обработки соединения HTTP/2, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20231030-05
Уязвимость Apache httpd
ELSA-2024-2368
ELSA-2024-2368: mod_http2 security update (MODERATE)
ROS-20240423-01
Множественные уязвимости varnish
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
 | CVSS3: 7.5 | 62% Средний | больше 2 лет назад | |
| CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size o ... | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
| GHSA-w2qc-22jv-44g8 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
 | BDU:2023-07171 Уязвимость веб-сервера Apache HTTP Server, связанная с блокировкой обработки соединения HTTP/2, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
 | ROS-20231030-05 Уязвимость Apache httpd | CVSS3: 7.5 | 62% Средний | больше 2 лет назад |
| ELSA-2024-2368 ELSA-2024-2368: mod_http2 security update (MODERATE) | почти 2 года назад | ||
| ROS-20240423-01 Множественные уязвимости varnish | CVSS3: 7.5 | почти 2 года назад |
Уязвимостей на страницу