Download
| Alert*
oval:org.secpod.oval:def:69904
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:89003349 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering . - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes . - CVE-2019-10082: Fixed m ... oval:org.secpod.oval:def:1700254 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to ... oval:org.secpod.oval:def:117828 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:604505 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:58065 This opens the HTTP/2 window so the server can send without constraint; however, it leaves the TCP window closed so the server cannot actually write (many of) the bytes on the wire. The client could then send a stream of requests for a large response object. Depending on how the servers queue the re ... oval:org.secpod.oval:def:58348 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack by flooding a connection with requests and basically never reading responses on the TCP connection. CVE-2019-10081 Craig Young ... oval:org.secpod.oval:def:503353 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * HTTP/2: request for large response leads to denial of service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:504882 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of ... oval:org.secpod.oval:def:503354 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:58420 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:58421 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:58855 apache2: Apache HTTP server Several security issues were fixed in Apache. oval:org.secpod.oval:def:90247 The remote host is missing a patch 152643-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:90249 The remote host is missing a patch 152644-08 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:58231 The host is installed with Apache HTTP Server 2.4.20 through 2.4.39 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an issue in http/2. Successful exploitation could allow attackers to perform a DoS attack by flooding a connecti ... oval:org.secpod.oval:def:504930 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of s ... oval:org.secpod.oval:def:1502684 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502685 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89050824 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering . - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes . - CVE-2019-10082: Fixed m ... oval:org.secpod.oval:def:1801978 * CVE-2019-9511 "Data Dribble": The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume exc ... oval:org.secpod.oval:def:2500035 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2105185 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with prox ... oval:org.secpod.oval:def:66766 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * HTTP/2: request for large response leads to denial of service For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:117006 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:117004 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2105103 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time ... oval:org.secpod.oval:def:505114 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * HTTP/2: large amount of data requests leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption * HTTP/2: request for large respon ... oval:org.secpod.oval:def:1601069 A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the ... oval:org.secpod.oval:def:66455 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * HTTP/2: large amount of data requests leads to denial of service * H ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |