Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks

Moreton Overview :
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
isotretinoin generic no prescription Affected Product(s) :
  • Apache Tomcat 9.0.0.M1 to 9.0.0.M17
  • Apache Tomcat 8.5.0 to 8.5.11
  • Apache Tomcat 8.0.0.RC1 to 8.0.41
  • Apache Tomcat 7.0.0 to 7.0.75
  • Apache Tomcat 6.0.x is not affected
Vulnerability Details :
CVE ID : CVE-2019-10079
While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Solution :

Users of the affected versions should apply one of the following mitigations:
– Upgrade to Apache Tomcat 9.0.0.M18 or later
– Upgrade to Apache Tomcat 8.5.12 or later
– Upgrade to Apache Tomcat 8.0.42 or later
– Upgrade to Apache Tomcat 7.0.76 or later

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an