Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks

Moreton Overview :

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.

isotretinoin generic no prescription Affected Product(s) :

Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected

Vulnerability Details :

CVE ID :	CVE-2019-10079
	While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Solution :

Users of the affected versions should apply one of the following mitigations:
– Upgrade to Apache Tomcat 9.0.0.M18 or later
– Upgrade to Apache Tomcat 8.5.12 or later
– Upgrade to Apache Tomcat 8.0.42 or later
– Upgrade to Apache Tomcat 7.0.76 or later

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION