Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-31309 (GCVE-0-2024-31309)
Vulnerability from cvelistv5
Published
2024-04-10 12:07
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.
Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.
Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Traffic Server |
Version: 8.0.0 ≤ 8.1.9 Version: 9.0.0 ≤ 9.2.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "traffic_server",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "8.1.9",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:21:30.828481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:24:22.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Traffic Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "8.1.9",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bartek Nowotarski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHTTP/2 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCONTINUATION\u003c/span\u003e\u0026nbsp;DoS attack can cause Apache Traffic Server to consume more resources on the server.\u0026nbsp; Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u0026nbsp;affected.\u003c/p\u003eUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u0026nbsp;ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\u003c/p\u003e"
}
],
"value": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:33.496Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-31309",
"datePublished": "2024-04-10T12:07:16.975Z",
"dateReserved": "2024-03-29T18:52:13.204Z",
"dateUpdated": "2025-02-13T17:47:53.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-31309\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-04-10T12:15:09.257\",\"lastModified\":\"2025-06-03T21:11:14.920\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\\n\\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma m\u00e1s recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http2.max_continuation_frames_per_minuto) para limitar el n\u00famero de fotogramas de CONTINUACI\u00d3N por minuto. ATS tiene una cantidad fija de memoria que una solicitud puede usar y ATS cumple con estos l\u00edmites en versiones anteriores. Se recomienda a los usuarios actualizar a las versiones 8.1.10 o 9.2.4, que solucionan el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.10\",\"matchCriteriaId\":\"7F6B1B30-874B-45F6-9B62-D10E71BBEB95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.4\",\"matchCriteriaId\":\"0BEA0F10-BDD0-4973-9F40-CB6A010F4AFE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/10/7\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/10/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/10/7\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:52:56.330Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31309\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T18:21:30.828481Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"traffic_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1.9\"}, {\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.2.3\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:22.836Z\"}}], \"cna\": {\"title\": \"Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Bartek Nowotarski\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Traffic Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.1.9\"}, {\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.2.3\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/10/7\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HTTP/2 CONTINUATION\\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\\u00a0affected.\\n\\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \\u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eHTTP/2 \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCONTINUATION\u003c/span\u003e\u0026nbsp;DoS attack can cause Apache Traffic Server to consume more resources on the server.\u0026nbsp; Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u0026nbsp;affected.\u003c/p\u003eUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u0026nbsp;ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-04-10T12:07:16.975Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-31309\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T18:24:22.338Z\", \"dateReserved\": \"2024-03-29T18:52:13.204Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-04-10T12:07:16.975Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cnvd-2024-20834
Vulnerability from cnvd
Title: Apache Traffic Server输入验证错误漏洞(CNVD-2024-20834)
Description:
Apache Traffic Server(ATS)是美国阿帕奇(Apache)基金会的一套可扩展的HTTP代理和缓存服务器。
Apache Traffic Server存在输入验证错误漏洞,该漏洞源于HTTP/2协议栈中的延续帧泛滥,攻击者可利用该漏洞导致拒绝服务条件。
Severity: 中
Patch Name: Apache Traffic Server输入验证错误漏洞(CNVD-2024-20834)的补丁
Patch Description:
Apache Traffic Server(ATS)是美国阿帕奇(Apache)基金会的一套可扩展的HTTP代理和缓存服务器。
Apache Traffic Server存在输入验证错误漏洞,该漏洞源于HTTP/2协议栈中的延续帧泛滥,攻击者可利用该漏洞导致拒绝服务条件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
Reference: https://access.redhat.com/security/cve/cve-2024-31309
Impacted products
| Name | ['Apache Traffic Server >=8.0.0,<=8.1.9', 'Apache Traffic Server >=9.0.0,<=9.2.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-31309"
}
},
"description": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\n\nApache Traffic Server\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHTTP/2\u534f\u8bae\u6808\u4e2d\u7684\u5ef6\u7eed\u5e27\u6cdb\u6ee5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-20834",
"openTime": "2024-04-29",
"patchDescription": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\r\n\r\nApache Traffic Server\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHTTP/2\u534f\u8bae\u6808\u4e2d\u7684\u5ef6\u7eed\u5e27\u6cdb\u6ee5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Traffic Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-20834\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Traffic Server \u003e=8.0.0\uff0c\u003c=8.1.9",
"Apache Traffic Server \u003e=9.0.0\uff0c\u003c=9.2.3"
]
},
"referenceLink": "https://access.redhat.com/security/cve/cve-2024-31309",
"serverity": "\u4e2d",
"submitTime": "2024-04-09",
"title": "Apache Traffic Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-20834\uff09"
}
WID-SEC-W-2024-0789
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2025-01-19 23:00
Summary
HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "http/2 ist das HyperText Transfer Protocol in Version 2.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0789 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0789.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0789 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0789"
},
{
"category": "external",
"summary": "CERT Coordination Center VU#421644 vom 2024-04-03",
"url": "https://kb.cert.org/vuls/id/421644"
},
{
"category": "external",
"summary": "Go Package net/http GO-2024-2687 vom 2024-04-03",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "Arista Security Advisory 0094 vom 2024-04-03",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19221-security-advisory-0094"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-A00DE83DE9 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a00de83de9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-DA8CDD8414 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-da8cdd8414"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-EC22E51EC2 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ec22e51ec2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-866AC60917 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917"
},
{
"category": "external",
"summary": "Apache 2.4.59 Changes vom 2024-04-04",
"url": "https://downloads.apache.org/httpd/CHANGES_2.4.59"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-4812897DD1 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4812897dd1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1F11550E31 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1f11550e31"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-528301BAC2 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-528301bac2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1121-1 vom 2024-04-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018259.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1122-1 vom 2024-04-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018261.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1683 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1681 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1681"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1161-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018265.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1167-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018298.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1156-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018269.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1160-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018266.html"
},
{
"category": "external",
"summary": "Apache Traffic Server Announce",
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1786 vom 2024-04-11",
"url": "https://access.redhat.com/errata/RHSA-2024:1786"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-1 vom 2024-04-11",
"url": "https://ubuntu.com/security/notices/USN-6729-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5659 vom 2024-04-14",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00067.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1786 vom 2024-04-13",
"url": "https://linux.oracle.com/errata/ELSA-2024-1786.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-CE2EEFC399 vom 2024-04-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ce2eefc399"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5662 vom 2024-04-16",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00070.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-2 vom 2024-04-17",
"url": "https://ubuntu.com/security/notices/USN-6729-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1872 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1872"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1872 vom 2024-04-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-1872.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1963 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1963"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1962 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1962"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1963 vom 2024-04-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-1963.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1962 vom 2024-04-24",
"url": "http://linux.oracle.com/errata/ELSA-2024-1962.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2060 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2060"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1892 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:1892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2062 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2062"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1899 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:1899"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2079 vom 2024-04-29",
"url": "https://access.redhat.com/errata/RHSA-2024:2079"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3799 vom 2024-04-28",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1897 vom 2024-04-26",
"url": "https://access.redhat.com/errata/RHSA-2024:1897"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2523 vom 2024-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2523.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-3 vom 2024-04-29",
"url": "https://ubuntu.com/security/notices/USN-6729-3"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3804 vom 2024-05-01",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2564 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2564"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2625 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2068 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2699 vom 2024-05-06",
"url": "https://access.redhat.com/errata/RHSA-2024:2699"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1786 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1786"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1962 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1962"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2693 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2693"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2694 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2694"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2724.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2564 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2564.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2562.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2778 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2664 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2667 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2668 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2668"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2671 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2671"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2672"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2699 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2779 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2779"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2778 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2780 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2780"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2779 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2779"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2780 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2780"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2699 vom 2024-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-2699.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2778 vom 2024-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-2778.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2024-2780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1627-1 vom 2024-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018514.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1935 vom 2024-05-13",
"url": "https://alas.aws.amazon.com/ALAS-2024-1935.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-2779.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2773"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2853"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:2891"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2853 vom 2024-05-17",
"url": "https://linux.oracle.com/errata/ELSA-2024-2853.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2892 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2782 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2935 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2907 vom 2024-05-20",
"url": "https://access.redhat.com/errata/RHSA-2024:2907"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2937 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2936 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2910 vom 2024-05-20",
"url": "https://access.redhat.com/errata/RHSA-2024:2910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2941 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7154630 vom 2024-05-22",
"url": "https://www.ibm.com/support/pages/node/7154630"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3259 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3315 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3315"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23",
"url": "https://linux.oracle.com/errata/ELSA-2024-2910.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3346 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3818 vom 2024-05-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1788-1 vom 2024-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018605.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3417 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3417"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3402 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3331"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3327"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3346 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3346.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3501 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3501"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:2728"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2554 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2554.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-040 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-040.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2556 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2556.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2550 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2550.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2555 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2555.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3259 vom 2024-06-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-3259.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3544 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3544"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-036 vom 2024-05-31",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3665 vom 2024-06-06",
"url": "https://access.redhat.com/errata/RHSA-2024:3665"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3701 vom 2024-06-06",
"url": "https://access.redhat.com/errata/RHSA-2024:3701"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3763 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3523"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1963-1 vom 2024-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018665.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2568 vom 2024-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2568.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3875 vom 2024-06-13",
"url": "https://access.redhat.com/errata/RHSA-2024:3875"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2853 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:2853"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2910 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:2910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3885 vom 2024-06-19",
"url": "https://access.redhat.com/errata/RHSA-2024:3885"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2108-1 vom 2024-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018771.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4023 vom 2024-06-21",
"url": "https://access.redhat.com/errata/RHSA-2024:4023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4034 vom 2024-06-21",
"url": "https://access.redhat.com/errata/RHSA-2024:4034"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3501 vom 2024-06-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-3501.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4010 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4010"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:4006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4125 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4146 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:4146"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4126 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4126"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2524 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2524.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1931 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/ALAS-2024-1931.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4252 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4252"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4252 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4252.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4390 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4390"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4392 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4392"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159857 vom 2024-07-09",
"url": "https://www.ibm.com/support/pages/node/7159857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4464 vom 2024-07-11",
"url": "https://access.redhat.com/errata/RHSA-2024:4464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4520 vom 2024-07-11",
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160134 vom 2024-07-12",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4545 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4546 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4543 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4576 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4576"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-039 vom 2024-07-23",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-039.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4721 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4721"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4732 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4732"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4677 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4824 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4922 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4922"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161954 vom 2024-07-30",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1167-2 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019073.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4934 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4934"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1868-1 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019070.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4933 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4982 vom 2024-08-02",
"url": "https://access.redhat.com/errata/RHSA-2024:4982"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162191 vom 2024-08-01",
"url": "https://www.ibm.com/support/pages/node/7162191"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-07 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-07"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-10 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-10"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162272 vom 2024-08-08",
"url": "https://www.ibm.com/support/pages/node/7162272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5143 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5144 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5144"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5145 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5145"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5147 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5147"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7165265 vom 2024-08-12",
"url": "https://www.ibm.com/support/pages/node/7165265"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2618 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2618.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5193 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5193.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-042 vom 2024-08-21",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-042.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-043 vom 2024-08-21",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-043.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3098-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019363.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6004 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6004"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3089-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019369.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3097-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019364.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6221 vom 2024-09-03",
"url": "https://access.redhat.com/errata/RHSA-2024:6221"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3155-1 vom 2024-09-06",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T5LFLVGNA2FSZS3KR7555733PGXOIY4S/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6409 vom 2024-09-11",
"url": "https://access.redhat.com/errata/RHSA-2024:6409"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6406"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6642 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6642"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3344-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3341-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019474.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3343-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019472.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3342-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019473.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3898 vom 2024-09-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-31 vom 2024-09-28",
"url": "https://security.gentoo.org/glsa/202409-31"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2645 vom 2024-10-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2645.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-423 vom 2024-10-11",
"url": "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173018 vom 2024-10-14",
"url": "https://www.ibm.com/support/pages/node/7173018"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14399-1 vom 2024-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4SYE7WTKUNXNTHQW42V7UBGJBEQBHRTP/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14400-1 vom 2024-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ZZCCVQLIJ7QABQ7SEQNIICQGIOXKWPA/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173744 vom 2024-10-22",
"url": "https://www.ibm.com/support/pages/node/7173744"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3755-1 vom 2024-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IDZD3NVTACJTTUYRJDCRM2C2RTOJVHD6/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8235"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7111-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7109-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2025-01-17",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04773en_us\u0026docLocale=en_US"
}
],
"source_lang": "en-US",
"title": "HTTP/2: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-01-19T23:00:00.000+00:00",
"generator": {
"date": "2025-01-20T09:27:52.258+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0789",
"initial_release_date": "2024-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und SUSE aufgenommen"
},
{
"date": "2024-04-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-10T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-04-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian und Oracle Linux aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Debian aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-26T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-27T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux, Red Hat und Amazon aufgenommen"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-20T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-22T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-08-01T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Red Hat und Gentoo aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-09-08T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-17T22:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-19T22:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von Debian und Gentoo aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "90",
"summary": "Referenz(en) aufgenommen: 7178947"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "92"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.59",
"product": {
"name": "Apache HTTP Server \u003c2.4.59",
"product_id": "T033904"
}
},
{
"category": "product_version",
"name": "2.4.59",
"product": {
"name": "Apache HTTP Server 2.4.59",
"product_id": "T033904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:2.4.59"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.10",
"product": {
"name": "Apache Traffic Server \u003c8.1.10",
"product_id": "T034079"
}
},
{
"category": "product_version",
"name": "8.1.10",
"product": {
"name": "Apache Traffic Server 8.1.10",
"product_id": "T034079-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:traffic_server:8.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.4",
"product": {
"name": "Apache Traffic Server \u003c9.2.4",
"product_id": "T034080"
}
},
{
"category": "product_version",
"name": "9.2.4",
"product": {
"name": "Apache Traffic Server 9.2.4",
"product_id": "T034080-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:traffic_server:9.2.4"
}
}
}
],
"category": "product_name",
"name": "Traffic Server"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Arista EOS",
"product": {
"name": "Arista EOS",
"product_id": "T033896",
"product_identification_helper": {
"cpe": "cpe:/o:arista:arista_eos:-"
}
}
}
],
"category": "vendor",
"name": "Arista"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.10.0.5",
"product": {
"name": "Dell NetWorker \u003c19.10.0.5",
"product_id": "T038270"
}
},
{
"category": "product_version",
"name": "19.10.0.5",
"product": {
"name": "Dell NetWorker 19.10.0.5",
"product_id": "T038270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.10.0.5"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Golang Go \u003c1.22.2",
"product_id": "T033893"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Golang Go 1.22.2",
"product_id": "T033893-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.22.2"
}
}
}
],
"category": "product_name",
"name": "Go"
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.31",
"product": {
"name": "HPE HP-UX \u003c11.31",
"product_id": "T040402"
}
},
{
"category": "product_version",
"name": "11.31",
"product": {
"name": "HPE HP-UX 11.31",
"product_id": "T040402-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:11.31"
}
}
}
],
"category": "product_name",
"name": "HP-UX"
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.5.0.12",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.12",
"product_id": "T035904"
}
},
{
"category": "product_version",
"name": "10.5.0.12",
"product": {
"name": "IBM DataPower Gateway 10.5.0.12",
"product_id": "T035904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.0",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.0",
"product_id": "T035905"
}
},
{
"category": "product_version",
"name": "10.6.0.0",
"product": {
"name": "IBM DataPower Gateway 10.6.0.0",
"product_id": "T035905-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.0"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Operator \u003c3.1.3",
"product": {
"name": "IBM MQ Operator \u003c3.1.3",
"product_id": "T034999"
}
},
{
"category": "product_version",
"name": "Operator 3.1.3",
"product": {
"name": "IBM MQ Operator 3.1.3",
"product_id": "T034999-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator__3.1.3"
}
}
},
{
"category": "product_version_range",
"name": "Operator \u003c2.0.22 LTS",
"product": {
"name": "IBM MQ Operator \u003c2.0.22 LTS",
"product_id": "T035000"
}
},
{
"category": "product_version",
"name": "Operator 2.0.22 LTS",
"product": {
"name": "IBM MQ Operator 2.0.22 LTS",
"product_id": "T035000-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator__2.0.22_lts"
}
}
},
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "v10",
"product": {
"name": "IBM Power Hardware Management Console v10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP9",
"product_id": "T036127"
}
},
{
"category": "product_version",
"name": "7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP9",
"product_id": "T036127-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.27",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.27",
"product_id": "T038286"
}
},
{
"category": "product_version",
"name": "8.0.0.27",
"product": {
"name": "IBM Rational Build Forge 8.0.0.27",
"product_id": "T038286-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.27"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.2",
"product_id": "T036379"
}
},
{
"category": "product_version",
"name": "10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.2",
"product_id": "T036379-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source nghttp2",
"product": {
"name": "Open Source nghttp2",
"product_id": "T033895",
"product_identification_helper": {
"cpe": "cpe:/a:nghttp2:nghttp2:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Virtualization 4.13",
"product": {
"name": "Red Hat OpenShift Virtualization 4.13",
"product_id": "T027763",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization_4.13"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "T031393",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.14.4"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15",
"product_id": "T034232"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15",
"product_id": "T034232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.12",
"product_id": "T034661"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.12",
"product_id": "T034661-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.12"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.24",
"product_id": "T034662"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.24",
"product_id": "T034662-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.14",
"product_id": "T034932"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.14",
"product_id": "T034932-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Specification http/2",
"product": {
"name": "Specification http/2",
"product_id": "T033894",
"product_identification_helper": {
"cpe": "cpe:/a:ietf:http2:-"
}
}
}
],
"category": "vendor",
"name": "Specification"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
},
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-2653",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-2653"
},
{
"cve": "CVE-2024-27316",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-2758",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-2758"
},
{
"cve": "CVE-2024-27919",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-27919"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-30255",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-30255"
},
{
"cve": "CVE-2024-31309",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-31309"
}
]
}
wid-sec-w-2024-0789
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2025-01-19 23:00
Summary
HTTP/2: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
http/2 ist das HyperText Transfer Protocol in Version 2.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Appliance
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "http/2 ist das HyperText Transfer Protocol in Version 2.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstellen in verschiedenen http/2 Implementierungen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0789 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0789.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0789 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0789"
},
{
"category": "external",
"summary": "CERT Coordination Center VU#421644 vom 2024-04-03",
"url": "https://kb.cert.org/vuls/id/421644"
},
{
"category": "external",
"summary": "Go Package net/http GO-2024-2687 vom 2024-04-03",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "Arista Security Advisory 0094 vom 2024-04-03",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19221-security-advisory-0094"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-A00DE83DE9 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a00de83de9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-DA8CDD8414 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-da8cdd8414"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-EC22E51EC2 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ec22e51ec2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-866AC60917 vom 2024-04-04",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917"
},
{
"category": "external",
"summary": "Apache 2.4.59 Changes vom 2024-04-04",
"url": "https://downloads.apache.org/httpd/CHANGES_2.4.59"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-4812897DD1 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4812897dd1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1F11550E31 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1f11550e31"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-528301BAC2 vom 2024-04-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-528301bac2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1121-1 vom 2024-04-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018259.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1122-1 vom 2024-04-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018261.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1683 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1683"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1681 vom 2024-04-08",
"url": "https://access.redhat.com/errata/RHSA-2024:1681"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1161-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018265.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1167-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018298.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1156-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018269.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1160-1 vom 2024-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018266.html"
},
{
"category": "external",
"summary": "Apache Traffic Server Announce",
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1786 vom 2024-04-11",
"url": "https://access.redhat.com/errata/RHSA-2024:1786"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-1 vom 2024-04-11",
"url": "https://ubuntu.com/security/notices/USN-6729-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5659 vom 2024-04-14",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00067.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1786 vom 2024-04-13",
"url": "https://linux.oracle.com/errata/ELSA-2024-1786.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-CE2EEFC399 vom 2024-04-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ce2eefc399"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5662 vom 2024-04-16",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00070.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-2 vom 2024-04-17",
"url": "https://ubuntu.com/security/notices/USN-6729-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1872 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1872"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1872 vom 2024-04-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-1872.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1963 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1963"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1962 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1962"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1963 vom 2024-04-24",
"url": "https://linux.oracle.com/errata/ELSA-2024-1963.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1962 vom 2024-04-24",
"url": "http://linux.oracle.com/errata/ELSA-2024-1962.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2060 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2060"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1892 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:1892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2062 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:2062"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1899 vom 2024-04-25",
"url": "https://access.redhat.com/errata/RHSA-2024:1899"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2079 vom 2024-04-29",
"url": "https://access.redhat.com/errata/RHSA-2024:2079"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3799 vom 2024-04-28",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1897 vom 2024-04-26",
"url": "https://access.redhat.com/errata/RHSA-2024:1897"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2523 vom 2024-04-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2523.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6729-3 vom 2024-04-29",
"url": "https://ubuntu.com/security/notices/USN-6729-3"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3804 vom 2024-05-01",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2564 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2564"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2625 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2068 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2068"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2699 vom 2024-05-06",
"url": "https://access.redhat.com/errata/RHSA-2024:2699"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1786 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1786"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:1962 vom 2024-05-06",
"url": "https://errata.build.resf.org/RLSA-2024:1962"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2693 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2693"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2694 vom 2024-05-07",
"url": "https://access.redhat.com/errata/RHSA-2024:2694"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2724.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2564 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2564.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08",
"url": "https://linux.oracle.com/errata/ELSA-2024-2562.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2778 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2664 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2667 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2668 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2668"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2671 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2671"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2672"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2699 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2779 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2779"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2778 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2780 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2780"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2779 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2779"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2780 vom 2024-05-09",
"url": "https://errata.build.resf.org/RLSA-2024:2780"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2699 vom 2024-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-2699.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2778 vom 2024-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-2778.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10",
"url": "https://linux.oracle.com/errata/ELSA-2024-2780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1627-1 vom 2024-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018514.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1935 vom 2024-05-13",
"url": "https://alas.aws.amazon.com/ALAS-2024-1935.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-2779.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2773"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2853"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:2891"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2853 vom 2024-05-17",
"url": "https://linux.oracle.com/errata/ELSA-2024-2853.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2892 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2782 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2935 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2907 vom 2024-05-20",
"url": "https://access.redhat.com/errata/RHSA-2024:2907"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2937 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2936 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2910 vom 2024-05-20",
"url": "https://access.redhat.com/errata/RHSA-2024:2910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2941 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7154630 vom 2024-05-22",
"url": "https://www.ibm.com/support/pages/node/7154630"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3259 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3315 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3315"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23",
"url": "https://linux.oracle.com/errata/ELSA-2024-2910.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3346 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3818 vom 2024-05-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1788-1 vom 2024-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018605.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3417 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3417"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3402 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3331"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3479 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3479"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3327"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3346 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3346.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3501 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3501"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2728 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:2728"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2554 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2554.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-040 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-040.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2556 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2556.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2550 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2550.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2555 vom 2024-05-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2555.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3259 vom 2024-06-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-3259.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3544 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3544"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-036 vom 2024-05-31",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3665 vom 2024-06-06",
"url": "https://access.redhat.com/errata/RHSA-2024:3665"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3701 vom 2024-06-06",
"url": "https://access.redhat.com/errata/RHSA-2024:3701"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3763 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3523"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1963-1 vom 2024-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018665.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2568 vom 2024-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2568.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3875 vom 2024-06-13",
"url": "https://access.redhat.com/errata/RHSA-2024:3875"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2853 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:2853"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:2910 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:2910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3885 vom 2024-06-19",
"url": "https://access.redhat.com/errata/RHSA-2024:3885"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2108-1 vom 2024-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018771.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4023 vom 2024-06-21",
"url": "https://access.redhat.com/errata/RHSA-2024:4023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4034 vom 2024-06-21",
"url": "https://access.redhat.com/errata/RHSA-2024:4034"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3501 vom 2024-06-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-3501.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4010 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4010"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:4006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4125 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4146 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:4146"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4126 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4126"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2524 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2524.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1931 vom 2024-06-28",
"url": "https://alas.aws.amazon.com/ALAS-2024-1931.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4252 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4252"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4252 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4252.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4390 vom 2024-07-08",
"url": "https://access.redhat.com/errata/RHSA-2024:4390"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4392 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4392"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159857 vom 2024-07-09",
"url": "https://www.ibm.com/support/pages/node/7159857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4464 vom 2024-07-11",
"url": "https://access.redhat.com/errata/RHSA-2024:4464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4520 vom 2024-07-11",
"url": "https://access.redhat.com/errata/RHSA-2024:4520"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160134 vom 2024-07-12",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4545 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4546 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4543 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4576 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4576"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-039 vom 2024-07-23",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-039.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4721 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4721"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4732 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4732"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4677 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4677"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4824 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4922 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4922"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161954 vom 2024-07-30",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1167-2 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019073.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4934 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4934"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1868-1 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019070.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4933 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4982 vom 2024-08-02",
"url": "https://access.redhat.com/errata/RHSA-2024:4982"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162191 vom 2024-08-01",
"url": "https://www.ibm.com/support/pages/node/7162191"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-07 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-07"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-10 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-10"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162272 vom 2024-08-08",
"url": "https://www.ibm.com/support/pages/node/7162272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5143 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5143"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5144 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5144"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5145 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5145"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5147 vom 2024-08-09",
"url": "https://access.redhat.com/errata/RHSA-2024:5147"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7165265 vom 2024-08-12",
"url": "https://www.ibm.com/support/pages/node/7165265"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2618 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2618.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5193 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5193.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-042 vom 2024-08-21",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-042.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-043 vom 2024-08-21",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-043.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3098-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019363.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6004 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6004"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3089-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019369.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3097-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019364.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6221 vom 2024-09-03",
"url": "https://access.redhat.com/errata/RHSA-2024:6221"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3155-1 vom 2024-09-06",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T5LFLVGNA2FSZS3KR7555733PGXOIY4S/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6409 vom 2024-09-11",
"url": "https://access.redhat.com/errata/RHSA-2024:6409"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6406"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6642 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6642"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3344-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3341-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019474.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3343-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019472.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3342-1 vom 2024-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019473.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6811 vom 2024-09-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3898 vom 2024-09-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00041.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-31 vom 2024-09-28",
"url": "https://security.gentoo.org/glsa/202409-31"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2645 vom 2024-10-02",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2645.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-423 vom 2024-10-11",
"url": "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173018 vom 2024-10-14",
"url": "https://www.ibm.com/support/pages/node/7173018"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14399-1 vom 2024-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4SYE7WTKUNXNTHQW42V7UBGJBEQBHRTP/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14400-1 vom 2024-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4ZZCCVQLIJ7QABQ7SEQNIICQGIOXKWPA/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173744 vom 2024-10-22",
"url": "https://www.ibm.com/support/pages/node/7173744"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3755-1 vom 2024-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/IDZD3NVTACJTTUYRJDCRM2C2RTOJVHD6/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8235"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7111-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7111-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7109-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2025-01-17",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04773en_us\u0026docLocale=en_US"
}
],
"source_lang": "en-US",
"title": "HTTP/2: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-01-19T23:00:00.000+00:00",
"generator": {
"date": "2025-01-20T09:27:52.258+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0789",
"initial_release_date": "2024-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und SUSE aufgenommen"
},
{
"date": "2024-04-08T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-10T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-04-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian und Oracle Linux aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-04-25T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Debian aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-06T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-26T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-05-27T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Oracle Linux, Red Hat und Amazon aufgenommen"
},
{
"date": "2024-06-05T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-20T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-22T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-08-01T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Red Hat und Gentoo aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-09-08T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-17T22:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-19T22:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von Debian und Gentoo aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-11-21T23:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "90",
"summary": "Referenz(en) aufgenommen: 7178947"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "92"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.59",
"product": {
"name": "Apache HTTP Server \u003c2.4.59",
"product_id": "T033904"
}
},
{
"category": "product_version",
"name": "2.4.59",
"product": {
"name": "Apache HTTP Server 2.4.59",
"product_id": "T033904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:2.4.59"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.10",
"product": {
"name": "Apache Traffic Server \u003c8.1.10",
"product_id": "T034079"
}
},
{
"category": "product_version",
"name": "8.1.10",
"product": {
"name": "Apache Traffic Server 8.1.10",
"product_id": "T034079-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:traffic_server:8.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.4",
"product": {
"name": "Apache Traffic Server \u003c9.2.4",
"product_id": "T034080"
}
},
{
"category": "product_version",
"name": "9.2.4",
"product": {
"name": "Apache Traffic Server 9.2.4",
"product_id": "T034080-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:traffic_server:9.2.4"
}
}
}
],
"category": "product_name",
"name": "Traffic Server"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Arista EOS",
"product": {
"name": "Arista EOS",
"product_id": "T033896",
"product_identification_helper": {
"cpe": "cpe:/o:arista:arista_eos:-"
}
}
}
],
"category": "vendor",
"name": "Arista"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.10.0.5",
"product": {
"name": "Dell NetWorker \u003c19.10.0.5",
"product_id": "T038270"
}
},
{
"category": "product_version",
"name": "19.10.0.5",
"product": {
"name": "Dell NetWorker 19.10.0.5",
"product_id": "T038270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.10.0.5"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.22.2",
"product": {
"name": "Golang Go \u003c1.22.2",
"product_id": "T033893"
}
},
{
"category": "product_version",
"name": "1.22.2",
"product": {
"name": "Golang Go 1.22.2",
"product_id": "T033893-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.22.2"
}
}
}
],
"category": "product_name",
"name": "Go"
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.31",
"product": {
"name": "HPE HP-UX \u003c11.31",
"product_id": "T040402"
}
},
{
"category": "product_version",
"name": "11.31",
"product": {
"name": "HPE HP-UX 11.31",
"product_id": "T040402-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:11.31"
}
}
}
],
"category": "product_name",
"name": "HP-UX"
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.5.0.12",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.12",
"product_id": "T035904"
}
},
{
"category": "product_version",
"name": "10.5.0.12",
"product": {
"name": "IBM DataPower Gateway 10.5.0.12",
"product_id": "T035904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.0",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.0",
"product_id": "T035905"
}
},
{
"category": "product_version",
"name": "10.6.0.0",
"product": {
"name": "IBM DataPower Gateway 10.6.0.0",
"product_id": "T035905-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.0"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Operator \u003c3.1.3",
"product": {
"name": "IBM MQ Operator \u003c3.1.3",
"product_id": "T034999"
}
},
{
"category": "product_version",
"name": "Operator 3.1.3",
"product": {
"name": "IBM MQ Operator 3.1.3",
"product_id": "T034999-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator__3.1.3"
}
}
},
{
"category": "product_version_range",
"name": "Operator \u003c2.0.22 LTS",
"product": {
"name": "IBM MQ Operator \u003c2.0.22 LTS",
"product_id": "T035000"
}
},
{
"category": "product_version",
"name": "Operator 2.0.22 LTS",
"product": {
"name": "IBM MQ Operator 2.0.22 LTS",
"product_id": "T035000-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator__2.0.22_lts"
}
}
},
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "v10",
"product": {
"name": "IBM Power Hardware Management Console v10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP9",
"product_id": "T036127"
}
},
{
"category": "product_version",
"name": "7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP9",
"product_id": "T036127-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.27",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.27",
"product_id": "T038286"
}
},
{
"category": "product_version",
"name": "8.0.0.27",
"product": {
"name": "IBM Rational Build Forge 8.0.0.27",
"product_id": "T038286-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.27"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.2",
"product_id": "T036379"
}
},
{
"category": "product_version",
"name": "10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.2",
"product_id": "T036379-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source nghttp2",
"product": {
"name": "Open Source nghttp2",
"product_id": "T033895",
"product_identification_helper": {
"cpe": "cpe:/a:nghttp2:nghttp2:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Virtualization 4.13",
"product": {
"name": "Red Hat OpenShift Virtualization 4.13",
"product_id": "T027763",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization_4.13"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "T031393",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.14.4"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15",
"product_id": "T034232"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15",
"product_id": "T034232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.12",
"product_id": "T034661"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.12",
"product_id": "T034661-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.12"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.24",
"product_id": "T034662"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.24",
"product_id": "T034662-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.14",
"product_id": "T034932"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.14",
"product_id": "T034932-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Specification http/2",
"product": {
"name": "Specification http/2",
"product_id": "T033894",
"product_identification_helper": {
"cpe": "cpe:/a:ietf:http2:-"
}
}
}
],
"category": "vendor",
"name": "Specification"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
},
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-2653",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-2653"
},
{
"cve": "CVE-2024-27316",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-2758",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-2758"
},
{
"cve": "CVE-2024-27919",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-27919"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-30255",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-30255"
},
{
"cve": "CVE-2024-31309",
"notes": [
{
"category": "description",
"text": "Mehrere Implementierungen der http/2-Spezifikation enthalten eine Schwachstelle im Zusammenhang mit der Fragmentierung von Anfragen. Solange das END_HEADERS-Flag in einem Frame nicht gesetzt ist, empf\u00e4ngt der Endpunkt weiterhin Header-Daten. Mit einer gro\u00dfen Anzahl von CONTINUATION-Frames kann so der Speicher auf der Serverseite beliebig gef\u00fcllt werden. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T033895",
"T033896",
"67646",
"T031393",
"T036127",
"T036688",
"T004914",
"T033893",
"T033894",
"T034662",
"T038741",
"T034661",
"T034080",
"T027916",
"T038286",
"T024663",
"398363",
"T033904",
"T035905",
"T023373",
"T034932",
"T028053",
"T035904",
"T034999",
"T035000",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T038316",
"T032255",
"74185",
"T034079",
"T032495",
"T034232",
"T014381",
"2951",
"T002207",
"T000126",
"T038270",
"T027843",
"T040402",
"T027763"
]
},
"release_date": "2024-04-03T22:00:00.000+00:00",
"title": "CVE-2024-31309"
}
]
}
gsd-2024-31309
Vulnerability from gsd
Modified
2024-04-03 05:02
Details
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.
Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.
Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-31309"
],
"details": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\n\n",
"id": "GSD-2024-31309",
"modified": "2024-04-03T05:02:25.546171Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2024-31309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "8.0.0",
"version_value": "8.1.9"
},
{
"version_affected": "\u003c=",
"version_name": "9.0.0",
"version_value": "9.2.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma m\u00e1s recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http2.max_continuation_frames_per_minuto) para limitar el n\u00famero de fotogramas de CONTINUACI\u00d3N por minuto. ATS tiene una cantidad fija de memoria que una solicitud puede usar y ATS cumple con estos l\u00edmites en versiones anteriores. Se recomienda a los usuarios actualizar a las versiones 8.1.10 o 9.2.4, que solucionan el problema."
}
],
"id": "CVE-2024-31309",
"lastModified": "2024-04-28T22:15:45.930",
"metrics": {},
"published": "2024-04-10T12:15:09.257",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"source": "security@apache.org",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
}
}
}
fkie_cve-2024-31309
Vulnerability from fkie_nvd
Published
2024-04-10 12:15
Modified
2025-06-03 21:11
Severity ?
Summary
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.
Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.
Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6B1B30-874B-45F6-9B62-D10E71BBEB95",
"versionEndExcluding": "8.1.10",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEA0F10-BDD0-4973-9F40-CB6A010F4AFE",
"versionEndExcluding": "9.2.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue."
},
{
"lang": "es",
"value": "Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma m\u00e1s recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http2.max_continuation_frames_per_minuto) para limitar el n\u00famero de fotogramas de CONTINUACI\u00d3N por minuto. ATS tiene una cantidad fija de memoria que una solicitud puede usar y ATS cumple con estos l\u00edmites en versiones anteriores. Se recomienda a los usuarios actualizar a las versiones 8.1.10 o 9.2.4, que solucionan el problema."
}
],
"id": "CVE-2024-31309",
"lastModified": "2025-06-03T21:11:14.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-10T12:15:09.257",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-7hpg-wrjj-gghq
Vulnerability from github
Published
2024-04-10 15:30
Modified
2025-02-13 18:32
Severity ?
VLAI Severity ?
Details
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.
Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2024-31309"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T12:15:09Z",
"severity": "HIGH"
},
"details": "HTTP/2 CONTINUATION\u00a0DoS attack can cause Apache Traffic Server to consume more resources on the server.\u00a0 Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are\u00a0affected.\n\nUsers can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. \u00a0ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.\nUsers are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.\n\n",
"id": "GHSA-7hpg-wrjj-gghq",
"modified": "2025-02-13T18:32:25Z",
"published": "2024-04-10T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31309"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…