Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2024-30156: varnish: HTTP/2 Broken Window Attack may result in denial of service (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Red Hat: CVE-2024-30156: varnish: HTTP/2 Broken Window Attack may result in denial of service (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

03/24/2024

Created

04/10/2024

Added

04/09/2024

Modified

05/29/2024

Description

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

Solution(s)

redhat-upgrade-varnish
redhat-upgrade-varnish-devel
redhat-upgrade-varnish-docs
redhat-upgrade-varnish-modules
redhat-upgrade-varnish-modules-debuginfo
redhat-upgrade-varnish-modules-debugsource

References

CVE-2024-30156
RHSA-2024:1690
RHSA-2024:1691
RHSA-2024:2700
RHSA-2024:2820
RHSA-2024:3305
RHSA-2024:3426

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2024-30156: varnish: HTTP/2 Broken Window Attack may result in denial of service (Multiple Advisories)

Red Hat: CVE-2024-30156: varnish: HTTP/2 Broken Window Attack may result in denial of service (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.