Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE
Apache Traffic server 8.0.0 Rc3 (not an official CPE)
Apache Traffic server 8.0.0 Rc2 (not an official CPE)
Apache Traffic server 8.0.0 Rc1 (not an official CPE)
Apache Traffic server 8.0.0 Rc0 (not an official CPE)
Apache Traffic server 8.0.0 (not an official CPE)
Apache Traffic server 7.1.5 (not an official CPE)
Apache Traffic server 7.1.4 Rc1 (not an official CPE)
Apache Traffic server 7.1.4 Rc0 (not an official CPE)
Apache Traffic server 7.1.4 (not an official CPE)
Apache Traffic server 7.1.3 Rc0 (not an official CPE)
Apache Traffic server 7.1.3 (not an official CPE)
Apache Traffic server 7.1.2 Rc4 (not an official CPE)
Apache Traffic server 7.1.2 Rc3 (not an official CPE)
Apache Traffic server 7.1.2 Rc2 (not an official CPE)
Apache Traffic server 7.1.2 Rc1 (not an official CPE)
Apache Traffic server 7.1.2 Rc0 (not an official CPE)
Apache Traffic server 7.1.2 (not an official CPE)
Apache Traffic server 7.1.1 Rc1 (not an official CPE)
Apache Traffic server 7.1.1 Rc0 (not an official CPE)
Apache Traffic server 7.1.1 (not an official CPE)
Apache Traffic server 7.1.0 Rc1 (not an official CPE)
Apache Traffic server 7.1.0 Rc0 (not an official CPE)
Apache Traffic server 7.1.0 (not an official CPE)
Apache Traffic server 7.0.0 Rc2 (not an official CPE)
Apache Traffic server 7.0.0 Rc1 (not an official CPE)
Apache Traffic server 7.0.0 Rc0 (not an official CPE)
Apache Traffic server 7.0.0 (not an official CPE)
Apache Traffic server 6.2.3 (not an official CPE)
Apache Traffic server 6.2.2 Rc0 (not an official CPE)
Apache Traffic server 6.2.2 (not an official CPE)
Apache Traffic server 6.2.1 Rc0 (not an official CPE)
Apache Traffic server 6.2.1 (not an official CPE)
Apache Traffic server 6.2.0 (not an official CPE)
Apache Traffic server 6.1.1 (not an official CPE)
Apache Traffic server 6.1.0 (not an official CPE)
Apache Traffic server 6.0.3 (not an official CPE)
Apache Traffic server 6.0.0 (not an official CPE)
Apache Traffic server 8.0.0 Rc4 (not an official CPE)
Apache Traffic server 8.0.1 (not an official CPE)
Apache Traffic server 8.0.2 (not an official CPE)
Apache Traffic server 8.0.3 (not an official CPE)
Apple Swiftnio 1.0.0 (not an official CPE)
Apple Swiftnio 1.0.1 (not an official CPE)
Apple Swiftnio 1.1.0 (not an official CPE)
Apple Swiftnio 1.1.1 (not an official CPE)
Apple Swiftnio 1.2.0 (not an official CPE)
Apple Swiftnio 1.2.1 (not an official CPE)
Apple Swiftnio 1.2.2 (not an official CPE)
Apple Swiftnio 1.3.0 (not an official CPE)
Apple Swiftnio 1.3.1 (not an official CPE)
Apple Swiftnio 1.3.2 (not an official CPE)
Apple Swiftnio 1.4.0 (not an official CPE)