Количество 10
Количество 10
GHSA-w2qc-22jv-44g8
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
CVE-2023-43622
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size o ...
BDU:2023-07171
Уязвимость веб-сервера Apache HTTP Server, связанная с блокировкой обработки соединения HTTP/2, позволяющая нарушителю вызвать отказ в обслуживании
ROS-20231030-05
Уязвимость Apache httpd
ELSA-2024-2368
ELSA-2024-2368: mod_http2 security update (MODERATE)
ROS-20240423-01
Множественные уязвимости varnish
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-w2qc-22jv-44g8 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | CVSS3: 7.5 | 57% Средний | больше 1 года назад | |
| CVE-2023-43622 An attacker, opening a HTTP/2 connection with an initial window size o ... | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | BDU:2023-07171 Уязвимость веб-сервера Apache HTTP Server, связанная с блокировкой обработки соединения HTTP/2, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
 | ROS-20231030-05 Уязвимость Apache httpd | CVSS3: 7.5 | 57% Средний | больше 1 года назад |
| ELSA-2024-2368 ELSA-2024-2368: mod_http2 security update (MODERATE) | около 1 года назад | ||
| ROS-20240423-01 Множественные уязвимости varnish | CVSS3: 7.5 | около 1 года назад |
Уязвимостей на страницу