Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2019-9514 - Vulnerability Database
Apache Traffic Server

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2019-9514

High
Reference: CVE-2019-9514
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9514
Title: Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability
Overview:

Some HTTP/2 implementations are vulnerable to a reset flood potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames this can consume excess memory CPU or both.