admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-31309.md

22 lines
1.2 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2024-31309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31309)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Traffic%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%3D%208.1.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
### Description
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected.Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases.Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Ampferl/poc_http2-continuation-flood
- https://github.com/DrewskyDev/H2Flood
- https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/lockness-Ko/CVE-2024-27316
Reference in New Issue Copy Permalink