10 Jan 2017
CVE-2016-6581 - CVE Vulnerability
An HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16 kB of data can decompress to 64 MB of data on the target machine. (CVSS:0.0) (Last Update:2017-01-10)
Publish Date: 2017-01-10. Last Update Date: 2017-01-10.
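The amplification described above, and the decoder-side size budget that bounds it, as an added example that is not code from the hpack library: a toy model of one-octet indexed header fields in which `HeaderListTooLarge`, `decode_indexed_block` and the sample table are hypothetical names and constructed data.

```python
# Added example: toy model of RFC 7541 indexed-field decoding with a size budget.
# HeaderListTooLarge and decode_indexed_block are hypothetical names.
ENTRY_OVERHEAD = 32       # RFC 7541 section 4.1: octets added to each entry's size
FIRST_DYNAMIC_INDEX = 62  # indices 1..61 address the static table


class HeaderListTooLarge(Exception):
    def __init__(self, accepted, limit):
        super().__init__(f"header list over {limit} octets after {accepted} fields")
        self.accepted = accepted


def entry_size(name, value):
    return len(name) + len(value) + ENTRY_OVERHEAD


def decode_indexed_block(block, dynamic_table, max_header_list_size=None):
    """Decode one-octet indexed fields (RFC 7541 section 6.1) against a table.

    Returns (headers, decoded_octets). With a budget set, decoding stops
    before the field that would push the header list past it.
    """
    headers, decoded = [], 0
    for octet in block:
        index = octet & 0x7F
        if not octet & 0x80 or index == 0x7F:
            raise ValueError("only one-octet indexed fields are modelled")
        slot = index - FIRST_DYNAMIC_INDEX
        if not 0 <= slot < len(dynamic_table):
            raise ValueError(f"index {index} is not in the dynamic table")
        name, value = dynamic_table[slot]
        size = entry_size(name, value)
        if max_header_list_size is not None and decoded + size > max_header_list_size:
            raise HeaderListTooLarge(len(headers), max_header_list_size)
        headers.append((name, value))
        decoded += size
    return headers, decoded


# Constructed sample: one entry that fills a 4,096-octet dynamic table, then a
# 16 kB block in which every octet (0xBE = indexed field, index 62) expands it.
TABLE = [(b"x", b"A" * (4096 - ENTRY_OVERHEAD - 1))]
BLOCK = bytes([0xBE]) * 16 * 1024

if __name__ == "__main__":
    _, unbounded = decode_indexed_block(BLOCK, TABLE)
    print("no budget:", unbounded, "octets from", len(BLOCK))
    try:
        decode_indexed_block(BLOCK, TABLE, max_header_list_size=64 * 1024)
    except HeaderListTooLarge as exc:
        print("budgeted decode stopped:", exc)
```

The budget is checked before each field is appended, so the work done on a hostile block is bounded by the limit rather than by the block length.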