2019-08-13 23:15:12 2019-08-23 23:15:12

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Apache Traffic server 8.0.0 Rc3 (not an official CPE)
Apache Traffic server 8.0.0 Rc2 (not an official CPE)
Apache Traffic server 8.0.0 Rc1 (not an official CPE)
Apache Traffic server 8.0.0 Rc0 (not an official CPE)
Apache Traffic server 8.0.0 (not an official CPE)
Apache Traffic server 7.1.5 (not an official CPE)
Apache Traffic server 7.1.4 Rc1 (not an official CPE)
Apache Traffic server 7.1.4 Rc0 (not an official CPE)
Apache Traffic server 7.1.4 (not an official CPE)
Apache Traffic server 7.1.3 Rc0 (not an official CPE)
Apache Traffic server 7.1.3 (not an official CPE)
Apache Traffic server 7.1.2 Rc4 (not an official CPE)
Apache Traffic server 7.1.2 Rc3 (not an official CPE)
Apache Traffic server 7.1.2 Rc2 (not an official CPE)
Apache Traffic server 7.1.2 Rc1 (not an official CPE)
Apache Traffic server 7.1.2 Rc0 (not an official CPE)
Apache Traffic server 7.1.2 (not an official CPE)
Apache Traffic server 7.1.1 Rc1 (not an official CPE)
Apache Traffic server 7.1.1 Rc0 (not an official CPE)
Apache Traffic server 7.1.1 (not an official CPE)
Apache Traffic server 7.1.0 Rc1 (not an official CPE)
Apache Traffic server 7.1.0 Rc0 (not an official CPE)
Apache Traffic server 7.1.0 (not an official CPE)
Apache Traffic server 7.0.0 Rc2 (not an official CPE)
Apache Traffic server 7.0.0 Rc1 (not an official CPE)
Apache Traffic server 7.0.0 Rc0 (not an official CPE)
Apache Traffic server 7.0.0 (not an official CPE)
Apache Traffic server 6.2.3 (not an official CPE)
Apache Traffic server 6.2.2 Rc0 (not an official CPE)
Apache Traffic server 6.2.2 (not an official CPE)
Apache Traffic server 6.2.1 Rc0 (not an official CPE)
Apache Traffic server 6.2.1 (not an official CPE)
Apache Traffic server 6.2.0 (not an official CPE)
Apache Traffic server 6.1.1 (not an official CPE)
Apache Traffic server 6.1.0 (not an official CPE)
Apache Traffic server 6.0.3 (not an official CPE)
Apache Traffic server 6.0.0 (not an official CPE)
Apache Traffic server 8.0.0 Rc4 (not an official CPE)
Apache Traffic server 8.0.1 (not an official CPE)
Apache Traffic server 8.0.2 (not an official CPE)
Apache Traffic server 8.0.3 (not an official CPE)
Apple Swiftnio 1.0.0 (not an official CPE)
Apple Swiftnio 1.0.1 (not an official CPE)
Apple Swiftnio 1.1.0 (not an official CPE)
Apple Swiftnio 1.1.1 (not an official CPE)
Apple Swiftnio 1.2.0 (not an official CPE)
Apple Swiftnio 1.2.1 (not an official CPE)
Apple Swiftnio 1.2.2 (not an official CPE)
Apple Swiftnio 1.3.0 (not an official CPE)
Apple Swiftnio 1.3.1 (not an official CPE)
Apple Swiftnio 1.3.2 (not an official CPE)
Apple Swiftnio 1.4.0 (not an official CPE)