Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-9517 | 7.8 |
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so
|
19-01-2023 - 20:13 | 13-08-2019 - 21:15 | |
CVE-2019-0197 | 4.9 |
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection cou
|
07-09-2022 - 17:36 | 11-06-2019 - 22:29 | |
CVE-2019-10092 | 4.3 |
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only
|
09-09-2021 - 01:05 | 26-09-2019 - 16:15 | |
CVE-2019-10081 | 5.0 |
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header value
|
06-06-2021 - 11:15 | 15-08-2019 - 22:15 |