|
|
Message-ID: <CAGjw+kNH6rAk=OZzCSSMBMrTD+YgEKNgr_A0uY44f2tBwts4vQ@mail.gmail.com> Date: Thu, 16 Jul 2026 23:46:34 -0600 From: Masakazu Kitajo <maskit@...che.org> To: announce@...fficserver.apache.org, Dev <dev@...fficserver.apache.org>, users <users@...fficserver.apache.org>, security@...fficserver.apache.org Cc: oss-security@...ts.openwall.com Subject: CVE-2026-59173: Apache Traffic Server is vulnerable to stalled HTTP/2 flow-control Apache Traffic Server is vulnerable to stalled HTTP/2 flow-control. CVE: CVE-2026-59173 - DoS vulnerability in HTTP/2 via stalled flow-control conditions Severity: important Reported By: Okta Red Team Vendor: The Apache Software Foundation Version Affected: ATS 9.0.0 to 9.2.13 ATS 10.0.0 to 10.1.2 Mitigation: 9.x users should upgrade to 9.2.14 or later versions 10.x users should upgrade to 10.1.3 or later versions Reference: https://www.cve.org/CVERecord?id=CVE-2026-59173
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.