[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
From: |
Bryan Call <bcall@apache.org> |
To: |
dev <dev@trafficserver.apache.org>,users@trafficserver.apache.org,announce@trafficserver.apache.org,security@trafficserver.apache.org,oss-security@lists.openwall.com,bugtraq@securityfocus.com,Masaori Koshiba <masaori@apache.org> |
Cc: |
|
Subject: |
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 |
Date: |
Mon, 17 April 2017 23:09 GMT |
There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0.
Downloads:
https://trafficserver.apache.org/downloads
Jira Ticket:
ttps://issues.apache.org/jira/browse/TS-5019
CVE
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5396
-Bryan
|
|
|