Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

Description

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Remediation

References

Related Vulnerabilities

SharePoint Authentication Bypass by Spoofing Vulnerability (CVE-2021-42320)

Dolibarr Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-25957)

WordPress Plugin YITH Product Size Charts for WooCommerce Security Bypass (1.1.11)

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.2)

MySQL CVE-2012-1696 Vulnerability (CVE-2012-1696)

Severity

Medium

Classification

CVE-2019-9516 CWE-770 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities