Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.2%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2024-45397
  • Dena » H2o » Version: 0.9.0
    cpe:2.3:a:dena:h2o:0.9.0
  • Dena » H2o » Version: 0.9.1
    cpe:2.3:a:dena:h2o:0.9.1
  • Dena » H2o » Version: 0.9.2
    cpe:2.3:a:dena:h2o:0.9.2
  • Dena » H2o » Version: 1.0.0
    cpe:2.3:a:dena:h2o:1.0.0
  • Dena » H2o » Version: 1.0.1
    cpe:2.3:a:dena:h2o:1.0.1
  • Dena » H2o » Version: 1.1.0
    cpe:2.3:a:dena:h2o:1.1.0
  • Dena » H2o » Version: 1.1.1
    cpe:2.3:a:dena:h2o:1.1.1
  • Dena » H2o » Version: 1.2.0
    cpe:2.3:a:dena:h2o:1.2.0
  • Dena » H2o » Version: 1.3.0
    cpe:2.3:a:dena:h2o:1.3.0
  • Dena » H2o » Version: 1.3.1
    cpe:2.3:a:dena:h2o:1.3.1
  • Dena » H2o » Version: 1.4.0
    cpe:2.3:a:dena:h2o:1.4.0
  • Dena » H2o » Version: 1.4.1
    cpe:2.3:a:dena:h2o:1.4.1
  • Dena » H2o » Version: 1.4.2
    cpe:2.3:a:dena:h2o:1.4.2
  • Dena » H2o » Version: 1.4.3
    cpe:2.3:a:dena:h2o:1.4.3
  • Dena » H2o » Version: 1.4.4
    cpe:2.3:a:dena:h2o:1.4.4
  • Dena » H2o » Version: 1.4.5
    cpe:2.3:a:dena:h2o:1.4.5
  • Dena » H2o » Version: 1.5.0
    cpe:2.3:a:dena:h2o:1.5.0
  • Dena » H2o » Version: 1.5.1
    cpe:2.3:a:dena:h2o:1.5.1
  • Dena » H2o » Version: 1.5.2
    cpe:2.3:a:dena:h2o:1.5.2
  • Dena » H2o » Version: 1.5.3
    cpe:2.3:a:dena:h2o:1.5.3
  • Dena » H2o » Version: 1.5.4
    cpe:2.3:a:dena:h2o:1.5.4
  • Dena » H2o » Version: 1.5.5
    cpe:2.3:a:dena:h2o:1.5.5
  • Dena » H2o » Version: 1.6.0
    cpe:2.3:a:dena:h2o:1.6.0
  • Dena » H2o » Version: 1.6.1
    cpe:2.3:a:dena:h2o:1.6.1
  • Dena » H2o » Version: 1.6.2
    cpe:2.3:a:dena:h2o:1.6.2
  • Dena » H2o » Version: 1.6.3
    cpe:2.3:a:dena:h2o:1.6.3
  • Dena » H2o » Version: 1.7.0
    cpe:2.3:a:dena:h2o:1.7.0
  • Dena » H2o » Version: 1.7.1
    cpe:2.3:a:dena:h2o:1.7.1
  • Dena » H2o » Version: 1.7.2
    cpe:2.3:a:dena:h2o:1.7.2
  • Dena » H2o » Version: 1.7.3
    cpe:2.3:a:dena:h2o:1.7.3
  • Dena » H2o » Version: 2.0.0
    cpe:2.3:a:dena:h2o:2.0.0
  • Dena » H2o » Version: 2.0.1
    cpe:2.3:a:dena:h2o:2.0.1
  • Dena » H2o » Version: 2.0.2
    cpe:2.3:a:dena:h2o:2.0.2
  • Dena » H2o » Version: 2.0.3
    cpe:2.3:a:dena:h2o:2.0.3
  • Dena » H2o » Version: 2.0.4
    cpe:2.3:a:dena:h2o:2.0.4
  • Dena » H2o » Version: 2.0.5
    cpe:2.3:a:dena:h2o:2.0.5
  • Dena » H2o » Version: 2.0.6
    cpe:2.3:a:dena:h2o:2.0.6
  • Dena » H2o » Version: 2.1.0
    cpe:2.3:a:dena:h2o:2.1.0
  • Dena » H2o » Version: 2.2.0
    cpe:2.3:a:dena:h2o:2.2.0
  • Dena » H2o » Version: 2.2.1
    cpe:2.3:a:dena:h2o:2.2.1
  • Dena » H2o » Version: 2.2.2
    cpe:2.3:a:dena:h2o:2.2.2
  • Dena » H2o » Version: 2.2.3
    cpe:2.3:a:dena:h2o:2.2.3
  • Dena » H2o » Version: 2.2.4
    cpe:2.3:a:dena:h2o:2.2.4
  • Dena » H2o » Version: 2.2.5
    cpe:2.3:a:dena:h2o:2.2.5
  • Dena » H2o » Version: 2.2.6
    cpe:2.3:a:dena:h2o:2.2.6
  • Dena » H2o » Version: 2.3.0
    cpe:2.3:a:dena:h2o:2.3.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved