CVE-2024-2758
published 2024-04-03

Priority: P3 · 52 · medium · 6.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 72.75% (99.4th percentile)

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.

Affected

1 range

Vendor      Product        Version range    Fixed in
tempesta    tempesta_fw    0.7.0 – 0.7.0

Detection & IOCs (extracted from sources)

  • HTTP/2 CONTINUATION frames can be sent in a flood pattern to conduct DoS attacks against Tempesta FW when rate limits are not configured
  • Tempesta FW rate limits are disabled by default, leaving the server exposed to empty CONTINUATION frame floods; monitor for high volumes of empty HTTP/2 CONTINUATION frames
  • Tempesta FW rate limits are off by default; without explicit configuration they will not mitigate empty CONTINUATION frame DoS attacks
  • Tempesta FW is not shipped in any Red Hat product, so Red Hat-based environments are not directly affected

CVSS provenance

Source           Version    Score    Severity    Vector
nvd              v3.1       6.3      MEDIUM      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
vendor_redhat               6.3      MEDIUM