Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T22:10:09.532Z

Reserved: 2019-03-26T00:00:00

Link: CVE-2019-10079

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-22T16:15:10.610

Modified: 2024-11-21T04:18:21.293

Link: CVE-2019-10079

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.