tempesta-tech/tempesta

Releases29

Frequency3 months 2 weeks

Last Release 9 months ago

Stars706

Web application acceleration, advanced DDoS protection and web security

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-2758 ↗	Apr 3, 2024Wednesday, 3 April 2024, 18:15	6.3 MEDIUM	—
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
CVE-2023-44487 ↗	Oct 10, 2023Tuesday, 10 October 2023, 14:15	7.5 HIGH	—
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.