7.5

CVE-2024-31309

Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.

Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.
Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTraffic Server Version >= 8.0.0 < 8.1.10
ApacheTraffic Server Version >= 9.0.0 < 9.2.4
DebianDebian Linux Version10.0
FedoraprojectFedora Version38
FedoraprojectFedora Version39
FedoraprojectFedora Version40
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.62% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2024/04/03/16
Mailing List
https://www.kb.cert.org/vuls/id/421644
http://www.openwall.com/lists/oss-security/2024/04/10/7
Mailing List
https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
Vendor Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
Third Party Advisory