Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Jan 2022, 20:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
References | (MLIST) https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E - Mailing List, Patch, Third Party Advisory |
Information
Published : 2019-10-22 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-10079
Mitre link : CVE-2019-10079
CVE.ORG link : CVE-2019-10079
JSON object : View
Products Affected
apache
- traffic_server
CWE
CWE-770
Allocation of Resources Without Limits or Throttling