[ANNOUNCE] Apache Traffic Server is vulnerable to a HTTP/2 slow read attack (revised URL to CVE)

2020-04-27 Thread Bryan Call
Description: ATS is vulnerable to a HTTP/2 slow read attack CVE: CVE-2020-9481 Reported By: Masaori Koshiba Vendor: The Apache Software Foundation Version Affected: ATS 6.0.0 to 6.2.3 ATS 7.0.0 to 7.1.9 ATS 8.0.0 to 8.0.6 Mitigation: 6.x users should upgrade to 7.1.10, 8.0.7, or later versions

[ANNOUNCE] Apache Traffic Server is vulnerable to a HTTP/2 slow read attack

2020-04-16 Thread Bryan Call
Description: ATS is vulnerable to a HTTP/2 slow read attack CVE: CVE-2020-9481 Reported By: Masaori Koshiba Vendor: The Apache Software Foundation Version Affected: ATS 6.0.0 to 6.2.3 ATS 7.0.0 to 7.1.9 ATS 8.0.0 to 8.0.6 Mitigation: 6.x users should upgrade to 7.1.10, 8.0.7, or later versions