CVE-2019-9513
- EPSS 4.78%
- Veröffentlicht 13.08.2019 21:15:12
- Zuletzt bearbeitet 14.01.2025 19:29:55
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...
CVE-2019-9511
- EPSS 13.95%
- Veröffentlicht 13.08.2019 21:15:12
- Zuletzt bearbeitet 14.01.2025 19:29:55
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T...
CVE-2019-9900
- EPSS 0.04%
- Veröffentlicht 25.04.2019 15:29:01
- Zuletzt bearbeitet 21.11.2024 04:52:32
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules,...