You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ignite.apache.org by Ashfaq Ahamed MH <as...@gmail.com> on 2019/08/25 16:06:22 UTC
HTTP/2 implementations do not robustly handle abnormal traffic and
resource exhaustion
Hi ,
There is a vulnerability reported in the usage of HTTP/2 protocol. so we
would like to know if Ignite uses this protocol. Details of the
vulnerability is in the below link.
https://www.kb.cert.org/vuls/id/605641/
Regards
Re: HTTP/2 implementations do not robustly handle abnormal traffic
and resource exhaustion
Posted by Stanislav Lukyanov <st...@gmail.com>.
Hi,
AFAICS this is not about the *protocol*, this is about *implementations* of
the protocol. I've followed the links and found this matrix of vulnerable
technologies:
https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
From this matrix, Ignite uses only Node.js in WebConsole, but isn't bound
to any particular version AFAIK. Make sure to install the latest Node,js
for your WebConsole.
Ignite doesn't use any other vulnerable technologies in the list.
Stan
On Sun, Aug 25, 2019 at 7:06 PM Ashfaq Ahamed MH <as...@gmail.com>
wrote:
> Hi ,
>
> There is a vulnerability reported in the usage of HTTP/2 protocol. so we
> would like to know if Ignite uses this protocol. Details of the
> vulnerability is in the below link.
>
> https://www.kb.cert.org/vuls/id/605641/
>
> Regards
>