Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2019-9516 - Vulnerability Database
Apache Traffic Server

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2019-9516

Medium
Reference: CVE-2019-9516
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9516
Title: Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability
Overview:

Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.