Eclipse/jetty.project
1
0
Fork 0
mirror of https://github.com/jetty/jetty.project.git synced 2025-03-03 12:29:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated security reports for HTTP/2 fix in #2722

Browse Source
This commit is contained in:
Chris Walker 2019-08-15 10:55:12 -04:00
parent 50b524bb6b
commit d6bd6e6e32
No known key found for this signature in database
GPG Key ID: 422B41E6AAA5A72C
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc
View File

@ -28,6 +28,9 @@ If you would like to report a security issue please follow these link:#security-
|=======================================================================
|yyyy/mm/dd |ID |Exploitable |Severity |Affects |Fixed Version |Comment
|2019/08/13 |CVE-2019-9515 |Med |Med |< = 9.4.20 |9.4.21
|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515[Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service when an attacker sent a stream of SETTINGS frames to the peer.]
|2019/04/11 |CVE-2019-10247 |Med |Med |< = 9.4.16 |9.2.28, 9.3.27, 9.4.17
|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247[If no webapp was mounted to the root namespace and a 404 was encountered, an HTML page would be generated displaying the fully qualified base resource location for each context.]