CVE-2019-10079
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-10079
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10079.json
- Related
- Published
- 2019-10-22T16:15:10Z
- Modified
- 2023-11-07T03:02:22Z
- Details
-
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
- References
-
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E