CVE - CVE-2024-2758

CVE-ID
CVE-2024-2758	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CERT-VN:VU#421644 URL:https://www.kb.cert.org/vuls/id/421644 MISC:https://github.com/tempesta-tech/tempesta/security/advisories/GHSA-3xwj-5ch3-q9p4 URL:https://github.com/tempesta-tech/tempesta/security/advisories/GHSA-3xwj-5ch3-q9p4 MLIST:[oss-security] 20240403 CERT/CC VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks URL:http://www.openwall.com/lists/oss-security/2024/04/03/16
Assigning CNA
CERT/CC
Date Record Created
20240321	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)