HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

ashfaq

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Hi,

There is a vulnerability reported in the usage of the HTTP/2 protocol, so we would like to know if Ignite uses this protocol. Details of the vulnerability are in the link below.

https://www.kb.cert.org/vuls/id/605641/

Regards
Stanislav Lukyanov

Re: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Hi,

AFAICS this is not about the *protocol*, this is about *implementations* of the protocol. I've followed the links and found this matrix of vulnerable technologies:
From this matrix, Ignite uses only Node.js in WebConsole, but isn't bound to any particular version AFAIK. Make sure to install the latest Node.js for your WebConsole.
Ignite doesn't use any other vulnerable technologies in the list.

Stan

On Sun, Aug 25, 2019 at 7:06 PM Ashfaq Ahamed MH <[hidden email]> wrote:
Hi,

There is a vulnerability reported in the usage of the HTTP/2 protocol, so we would like to know if Ignite uses this protocol. Details of the vulnerability are in the link below.

https://www.kb.cert.org/vuls/id/605641/

Regards