Security News

Cybersecurity news aggregator

HIGH Vulnerabilities BSI Germany

[UPDATE] [medium] HTTP/2: Multiple vulnerabilities allow denial of service

Multiple vulnerabilities in HTTP/2 implementations (CVE not specified) allow a remote, unauthenticated attacker to conduct a Denial of Service attack. The CVSS Base Score is 7.5 (High). Affected products include a wide range of systems, with specific examples like Apache HTTP Server versions prior to 2.4.59, Splunk Enterprise versions prior to 9.3.1, 9.2.3, and 9.1.6, and IBM QRadar SIEM versions prior to 7.5.0 UP10 IF01. Patches and updates are available for the listed affected vendors and products; consult the advisory for the exact fixed versions corresponding to each specific product.

[WID-SEC-2024-0789] HTTP/2: Multiple vulnerabilities allow denial of service

CVSS Base Score: 7.5 (high)
CVSS Temporal Score: 6.5 (medium)
Remote attack: yes
Date: 03.04.2024
Status: UPDATE 27.04.2026
Mitigation: yes

Affected systems

Operating system: Appliance, Linux, Other, UNIX, Windows

Product description: http/2 is the HyperText Transfer Protocol in version 2.

Products

UPDATE 26.02.2025: IBM SAN Volume Controller; IBM Storwize; IBM FlashSystem
UPDATE 13.02.2025: Broadcom Brocade SANnav
UPDATE 19.01.2025: HPE HP-UX <11.31
UPDATE 12.01.2025: Xerox FreeFlow Print Server v9 for Solaris
UPDATE 21.11.2024: Xerox FreeFlow Print Server v9
UPDATE 31.10.2024: IBM QRadar SIEM <7.5.0 UP10 IF01
UPDATE 22.10.2024: IBM Power Hardware Management Console v10
UPDATE 15.10.2024: SUSE openSUSE
UPDATE 14.10.2024: Splunk Splunk Enterprise <9.3.1; Splunk Splunk Enterprise <9.2.3; Splunk Splunk Enterprise <9.1.6
UPDATE 13.10.2024: IBM Rational Build Forge <8.0.0.27
UPDATE 10.10.2024: Dell NetWorker <19.10.0.5
UPDATE 07.08.2024: IBM MQ Operator
UPDATE 06.08.2024: Gentoo Linux
UPDATE 05.08.2024: EMC Avamar; Dell NetWorker
UPDATE 01.08.2024: IBM App Connect Enterprise
UPDATE 30.07.2024: IBM Spectrum Protect Plus <10.1.16.2
UPDATE 11.07.2024: IBM QRadar SIEM <7.5.0 UP9
UPDATE 09.07.2024: IBM DataPower Gateway <10.5.0.12; IBM DataPower Gateway <10.6.0.0
UPDATE 22.05.2024: Red Hat OpenShift Virtualization 4.13
UPDATE 21.05.2024: IBM MQ Operator <3.1.3; IBM MQ Operator <2.0.22 LTS
UPDATE 20.05.2024: Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4; Red Hat OpenShift Container Platform <4.15.14
UPDATE 09.05.2024: Red Hat OpenShift Container Platform 4.14; Red Hat OpenShift Container Platform <4.15; Red Hat OpenShift Container Platform <4.15.12; Red Hat OpenShift Container Platform <4.14.24
UPDATE 06.05.2024: RESF Rocky Linux
UPDATE 29.04.2024: Amazon Linux 2
UPDATE 14.04.2024: Debian Linux; Oracle Linux
UPDATE 11.04.2024: Ubuntu Linux
UPDATE 10.04.2024: Apache Traffic Server <8.1.10; Apache Traffic Server <9.2.4
UPDATE 07.04.2024: Red Hat Enterprise Linux; SUSE Linux
UPDATE 04.04.2024: Apache HTTP Server <2.4.59
03.04.2024: Fedora Linux; Golang Go <1.22.2; Specification http/2; Open Source nghttp2; Arista EOS

Attack

A remote, anonymous attacker can exploit vulnerabilities in various http/2 implementations to carry out a denial of service attack.
