Lucene search
ApacheCVELIST:CVE-2019-10079HistoryOct 22, 2019 - 3:42 p.m.
CVE-2019-10079
2019-10-2215:42:35
apache
www.cve.org
0.004 Low
EPSS
Percentile
72.3%
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
CNA Affected
[
{
"product": "Apache Traffic Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3"
}
]
}
]References
lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
Related
ubuntucve
ubuntucve
CVE-2019-10079
2019-10-22 00:00:00
osv
osv
CVE-2019-10079
2019-10-22 16:15:10
trafficserver - security update
2019-09-09 00:00:00
debiancve
debiancve
CVE-2019-10079
2019-10-22 16:15:10
cve
cve
CVE-2019-10079
2019-10-22 16:15:10
prion
prion
Code injection
2019-10-22 16:15:00
nvd
nvd
CVE-2019-10079
2019-10-22 16:15:10
openvas
openvas
Apache Traffic Server (ATS) Multiple HTTP/2 DoS Vulnerabilities
2019-10-28 00:00:00
Debian: Security Advisory (DSA-4520-1)
2019-09-11 00:00:00