Hostnames |
prostomarkets.com www.prostomarkets.com static.80.10.243.136.clients.your-server.de |
Domains | prostomarkets.com your-server.de |
Country | Germany |
City | Falkenstein |
Organization | Hetzner Online GmbH |
ISP | Hetzner Online GmbH |
ASN | AS24940 |
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
CVE-2021-3618 | 5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
CVE-2021-23017 | 6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. |
CVE-2019-9516 | 6.8Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. |
CVE-2019-9513 | 7.8Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. |
CVE-2019-9511 | 7.8Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
CVE-2019-20372 | 4.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
-1805696647 | 2024-04-17T04:49:02.69012221 / tcp
828023957 | 2024-04-16T02:56:58.70285722 / tcp
-2017734732 | 2024-04-18T00:00:18.54287853 / tcp
-2017734732 | 2024-04-16T15:39:29.71626153 / udp
1788556008 | 2024-04-05T01:54:05.68482780 / tcp
95325947 | 2024-04-14T14:16:26.369180123 / udp
-1025756554 | 2024-04-16T12:09:46.669992443 / tcp
-105794975 | 2024-04-20T03:21:38.1795233306 / tcp
-1246004407 | 2024-04-17T12:14:57.2598264000 / tcp