Re: ATS is vulnerable to a HTTP/2 attack with empty frames

2019-08-20 Thread Bryan Call
This also affects 7.1.7 and 8.0.4. I updated the version range below.

-Bryan

> On Aug 20, 2019, at 11:36 AM, Bryan Call wrote:
>
> Description:
> ATS is vulnerable to a HTTP/2 attack with empty frames
>
> CVE:
> CVE-2019-9518 Empty Frames Flood
>
> Reported By:

ATS is vulnerable to a HTTP/2 attack with empty frames

2019-08-20 Thread Bryan Call
Description:
ATS is vulnerable to a HTTP/2 attack with empty frames

CVE:
CVE-2019-9518 Empty Frames Flood

Reported By:
Piotr Sikora

Vendor:
The Apache Software Foundation

Version Affected:
ATS 6.0.0 to 6.2.3
ATS 7.0.0 to 7.1.6
ATS 8.0.0 to 8.0.3

Mitigation:
Turn off HTTP/2 or upgrade ATS to a