National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): http/2
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 37 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Published: November 07, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

Published: November 07, 2018; 09:29:00 AM -05:00
(not available)
CVE-2016-7475

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.

Published: October 08, 2018; 03:29:00 PM -04:00
(not available)
CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

Published: September 25, 2018; 05:29:00 PM -04:00
(not available)
CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.

Published: September 21, 2018; 09:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-5530

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

Published: July 25, 2018; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

Published: June 18, 2018; 02:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Published: June 11, 2018; 05:29:06 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5514

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

Published: May 02, 2018; 09:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-6155

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

Published: April 13, 2018; 09:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Published: March 26, 2018; 11:29:00 AM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

Published: January 24, 2018; 05:29:00 PM -05:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

Published: December 22, 2017; 09:29:12 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-6151

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.

Published: December 21, 2017; 12:29:00 PM -05:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

Published: October 30, 2017; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-6163

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.

Published: October 27, 2017; 10:29:00 AM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-12270

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388.

Published: October 05, 2017; 03:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-5206

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.

Published: September 13, 2017; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2015-5168

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

Published: September 13, 2017; 12:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-7675

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Published: August 10, 2017; 10:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM