Posted to user@ignite.apache.org by Ashfaq Ahamed MH <as...@gmail.com> on 2019/08/25 16:06:22 UTC

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Hi,

There is a vulnerability reported in the usage of the HTTP/2 protocol, so we
would like to know if Ignite uses this protocol. Details of the
vulnerability are in the link below.

https://www.kb.cert.org/vuls/id/605641/

Regards

Re: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Posted by Stanislav Lukyanov <st...@gmail.com>.
Hi,

AFAICS this is not about the *protocol*, this is about *implementations* of
the protocol. I've followed the links and found this matrix of vulnerable
technologies:
https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
From this matrix, Ignite uses only Node.js in WebConsole, but isn't bound
to any particular version AFAIK. Make sure to install the latest Node.js
for your WebConsole.
Ignite doesn't use any other vulnerable technologies in the list.

Stan

On Sun, Aug 25, 2019 at 7:06 PM Ashfaq Ahamed MH <as...@gmail.com>
wrote:

> Hi,
>
> There is a vulnerability reported in the usage of the HTTP/2 protocol, so we
> would like to know if Ignite uses this protocol. Details of the
> vulnerability are in the link below.
>
> https://www.kb.cert.org/vuls/id/605641/
>
> Regards
>