[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396

To: dev <dev@xxxxxxxxxxxxxxxxxxxxxxxx>, users@xxxxxxxxxxxxxxxxxxxxxxxx, announce@xxxxxxxxxxxxxxxxxxxxxxxx, security@xxxxxxxxxxxxxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, Masaori Koshiba <masaori@xxxxxxxxxx>
Subject: [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
From: Bryan Call <bcall@xxxxxxxxxx>
Date: Mon, 17 Apr 2017 16:09:08 -0700

There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a 
DoS.  Versions 6.0.0 to 6.2.0 are affected.  Please upgrade to ATS 6.2.1 or 
7.0.0.

Downloads:
        https://trafficserver.apache.org/downloads

Jira Ticket:
        ttps://issues.apache.org/jira/browse/TS-5019

CVE
        https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5396

-Bryan

Prev by Date: Watchguard Fireware XXE DoS & User Enumeration
Next by Date: [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
Previous by thread: Watchguard Fireware XXE DoS & User Enumeration
Next by thread: [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
Index(es):
- Date
- Thread