tempesta-tech/tempesta
Releases29
Frequency3 months 2 weeks
Last Release
Stars709
Web application acceleration, advanced DDoS protection and web security
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 6.3 MEDIUM | — | ||
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. | ||||
| — | 7.5 HIGH | — | ||
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||