Overview
About vulnerability
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.Details
- Affected product:
- AlmaLinux 9.2 ESU , Alpine Linux 3.18 ELS , Alpine Linux 3.22 , Apache ActiveMQ , Apache Hadoop , Apache Hive , Apache Kafka , Apache Lucene , Apache Spark , Apache Tapestry , Apache Tomcat , CentOS 6 ELS , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , CloudLinux 6 ELS , CloudLinux 7 ELS , Debian 10 , Debian 10 ELS , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 7 , EL 8 , EL 9 , Eclipse Jetty , Hibernate , Netty , Oracle Linux 6 ELS , Oracle Linux 7 ELS , RHEL 7 ELS , Spring , TuxCare 9.6 ESU , Ubuntu 16.04 ELS , Ubuntu 18.04 , Ubuntu 18.04 ELS , Ubuntu 20.04 , Ubuntu 20.04 ELS , Ubuntu 22.04 , Ubuntu 24.04 , accumulo , activemq , agepredictor , apache-el , apache-jsp , artemis , async-http-client , avro , aws-sdk-java , azure-sdk-for-java , bookkeeper-common-allocator , cassandra-java-driver , couchbase-jvm-clients , cxf , druid , elasticsearch , flume-ng-sdk , gradle , grpc-api , grpc-context , grpc-core , grpc-java , grpc-netty , grpc-protobuf , grpc-protobuf-lite , hbase , htmlunit , http-client , infinispan , jasper-jsp , java-datastore , java-driver , java-storage , jgit , karaf , lettuce , lettuce-core , littleproxy , logging-flume , logging-log4j2 , lucene , neo4j-java-driver , netty , rsocket-java , solr , sonatype-aether , tika , wildfly , zookeeper
- Affected packages:
- grafana @ 10.2.6 (+5601 more)