{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/767506#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nA vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service (DoS) attacks through HTTP/2 control frames. This vulnerability is colloquially known as \"MadeYouReset\" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their products to describe the vulnerability, such as CVE-2025-48989, which is used to identify Apache Tomcat products affected by the vulnerability. MadeYouReset exploits a mismatch caused by stream resets between HTTP/2 specifications and the internal architectures of many real-world web servers. This results in resource exhaustion, and a threat actor can leverage this vulnerability to perform a distributed denial of service attack (DDoS). This vulnerability is similar to CVE-2023-44487, colloquially known as \"Rapid Reset.\" Multiple vendors have issued patches or responses to the vulnerability, and readers should review the statements provided by vendors at the end of this Vulnerability Note and patch as appropriate. \r\n\r\n### Description\r\nA mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). This vulnerability is tracked as CVE-2025-8671 and is known colloquially as \"MadeYouReset.\" This vulnerability is similar to CVE-2023-44487, colloquially known as \"Rapid Reset\", which abused client-sent stream resets. HTTP/2 introduced stream cancellation - the ability of both client and server to immediately close a stream at any time. However, after a stream is canceled, many implementations keep processing the request, compute the response, but don't send it back to the client. This creates a mismatch between the amount of active streams from the HTTP/2 point of view, and the actual active HTTP requests the backend server is processing. \r\n\r\nBy opening streams and then rapidly triggering the server to reset them using malformed frames or flow control errors, an attacker can exploit a discrepancy created between HTTP/2 streams accounting and the servers active HTTP requests. Streams reset by the server are considered closed, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent HTTP/2 requests on a single connection.\r\n\r\nThe flaw largely stems from many implementations of the HTTP/2 protocol equating resetting streams to closing them; however, in practice, the server will still process them. An attacker can exploit this to continually send reset requests, where the protocol is considering these reset streams as closed, but the server will still be processing them, causing a DoS. \r\n\r\nHTTP/2 does support a parameter called [SETTINGS_MAX_CONCURRENT_STREAMS](https://www.rfc-editor.org/rfc/rfc9113.html#section-6.5.2), which defines a set of currently active streams per session. In theory, this setting would prevent an attacker from overloading the target server, as they would max out the concurrent stream counter for their specific malicious session. In practice, when a stream is reset by the attacker, the protocol considers it no longer active and no longer accounts for it within this counter. \r\n\r\n### Impact\r\nThe main impact of this vulnerability is its potential usage in DDoS attacks. Threat actors exploiting the vulnerability will likely be able to force targets offline or heavily limit connection possibilities for clients by making the server process an extremely high number of concurrent requests. Victims will have to address either high CPU overload or memory exhaustion depending on their implementation of HTTP/2. \r\n\r\n### Solution\r\nVarious vendors have provided patches and statements to address the vulnerability. Please review their statements below. CERT/CC recommends that vendors who use HTTP/2 in their products review their implementation and limit the number/rate of [RST_STREAMs](https://www.rfc-editor.org/rfc/rfc9113.html#name-rst_stream) sent from the server. Additionally, please review the supplemental materials provided by the reporters, which include additional mitigations and other potential solutions here: https://galbarnahum.com/made-you-reset\r\n\r\n### Acknowledgements\r\nThanks to the reporters, Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel of Tel Aviv University. This document was written by Christopher Cullen.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"The following releases of Varnish Cache and Varnish Enterprise are vulnerable to the issue described in CVE-2025-8671.\r\n* Varnish Cache releases 5.x, 6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.7.0, 7.7.1\r\n* Varnish Cache 6.0 LTS series up to and including 6.0.14\r\n* Varnish Enterprise by Varnish Software 6.0.x up to and including 6.0.14r4\r\n\r\nThe issue has been patched in the following releases:\r\n* Varnish Cache 7.6.4 (released 2025-08-13)\r\n* Varnish Cache 7.7.2 (released 2025-08-13)\r\n* Varnish Cache 6.0 LTS version 6.0.15 (released 2025-08-13)\r\n* Varnish Enterprise by Varnish Software version 6.0.14r5 (released 2025-06-19)\r\n\r\nAt the coordinated time of disclosure, there will be information pages specific to Varnish Cache and Varnish Enterprise published at:\r\n* Varnish Cache: [https://varnish-cache.org/security/VSV00017.html](https://varnish-cache.org/security/VSV00017.html)\r\n* Varnish Enterprise: [https://docs.varnish-software.com/security/VSV00017/](https://docs.varnish-software.com/security/VSV00017/)","title":"Vendor statment from Varnish Software"},{"category":"other","text":"Digi International has reviewed the recently disclosed HTTP/2 stream reset vulnerability, in which client-triggered server-sent stream resets can cause excessive server resource consumption and potentially lead to denial-of-service (DoS). This vulnerability arises when attackers open multiple streams and rapidly reset them, often through malformed frames or flow control errors, exploiting discrepancies in stream accounting between protocol specifications and certain HTTP/2 implementations. Although streams may be marked as closed at the protocol level, backend processing can continue, allowing an unbounded number of concurrent streams to be processed over a single connection. \r\n\r\nAfter thorough evaluation, Digi International confirms that our products and services are not vulnerable to this CVE. Our HTTP/2 implementations do not exhibit the incorrect stream accounting behavior required for exploitation and therefore are not susceptible to this denial-of-service condition. We will continue to monitor developments and update our security advisories should new information arise.","title":"Vendor statment from Digi International"},{"category":"other","text":"This is not a vulnerability in the HTTP protocol, but instead an implementation issue. We understand that there is a strong incentive for researchers to identify protocol flaws, but that characterisation is not justified in this case. \r\n\r\nImplementations that are deployed in adversarial conditions need to anticipate abuses including denial of service. While protocol design can help to mitigate these attacks, there is no inherent flaw preventing implementations from correctly defending them. Indeed, HTTP/2's enablement of high concurrency (an explicit design goal of the protocol) makes it necessary for implementations to consider and actively handle such situations. \r\n\r\nFurthermore, HTTP/2 goes to great lengths to document denial of service considerations:\r\n  https://datatracker.ietf.org/doc/html/rfc9113#section-10.5\r\n\t\r\nIncluding noting that \"An invalid request (or server push) can cause a peer to send RST_STREAM frames in response.\"","title":"Vendor statment from IETF HTTP Working Group"},{"category":"other","text":"Product(s) are affected or potentially affected by virtue of upstream components that are included with the product(s).","title":"Vendor statment from Wind River"},{"category":"other","text":"The X.Org Foundation does not ship any implementations of the HTTP/2 protocol.","title":"Vendor statment from X.org Foundation"},{"category":"other","text":"Fastly implemented a fix for MadeYouReset (CVE-2025-8671) in release 25.17 of Fastly’s internal fork of H2O. The fix was deployed and fully implemented across Fastly on the 2nd of June 2025.","title":"Vendor statment from Fastly"},{"category":"other","text":"The Zephyr RTOS provides an implementation of HTTP/2, and is thus likely to be affected by this vulnerability. Investigation is underway at this time.","title":"Vendor statment from Zephyr Project"},{"category":"other","text":"Many of Mozilla's websites and services run on affected platforms and will need to be patched. The software Mozilla ships, primarily client software like Firefox, is not affected.","title":"Vendor statment from Mozilla"},{"category":"other","text":"I do not believe Go's net/http package is affected by this attack.\r\n\r\nThe mitigation in net/http for the Rapid Reset attack was to cap the number of requests which will be handled concurrently, to queue requests over that cap, and to close connections where the queue length exceeds the cap by too much.\r\n\r\nSince this mitigation only takes into account the number of concurrently executing handlers and the number of queued requests waiting for a handler, it does not depend on the mechanism used to reset streams. It doesn't matter whether the client sends an explicit reset or induces the server to issue a reset.","title":"Vendor statment from Go Programming Language"},{"category":"other","text":"The Rust Programming Language does not ship an HTTP implementation in its standard library.","title":"Vendor statment from Rust Security Response WG"},{"category":"other","text":"No HTTP/2 implementations are shipped with eCosPro RTOS","title":"Vendor statment from eCosCentric"},{"category":"other","text":"The Node.js team does not consider it as a vulnerability for the reasons expressed in the original report on HackerOne.","title":"Vendor statment from Node.js"},{"category":"other","text":"We have thoroughly investigated the matter and similarly as with other RESET_STREAM based attacks, we are not vulnerable for this particular type of attacks. Streams are counted and closed as soon as RST is seen in any direction and we also enforce the limit based on allocated streams. We also have glitches mechanism which detects and kills faulty connections depending on the configurable threshold.","title":"Vendor statment from HAProxy"},{"category":"other","text":"Severity: important \r\n\r\nAffected versions:\r\n\r\n- Apache Tomcat 11.0.0-M1 through 11.0.9\r\n- Apache Tomcat 10.1.0-M1 through 10.1.43\r\n- Apache Tomcat 9.0.0.M1 through 9.0.107\r\n- Apache Tomcat 8.5.0 through 8.5.100 unknown\r\n\r\nDescription:\r\n\r\nImproper Resource Shutdown or Release vulnerability in Apache Tomcat.\r\n\r\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\r\n\r\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.\r\n\r\nCredit:\r\n\r\nGal Bar Nahum, Tel Aviv University (finder)","title":"Vendor statment from Apache Tomcat"},{"category":"other","text":"lighttpd is not directly vulnerable to HTTP/2 MadeYouReset.  lighttpd tracks request streams with connections to backends, makes a single request on each backend socket connection, and closes the socket (or kill()s the CGI) when the request stream is reset.","title":"Vendor statment from lighttpd"},{"category":"other","text":"Tempesta FW provides request rate limit mitigating the attack, but they aren't set by default. Rate limiting of control frames makes the protection stronger.","title":"Vendor statment from Tempesta"},{"category":"other","text":"We simulated an attack, and our LiteSpeed servers quickly blocked it due to the aggressiveness of the HTTP/2 behavior. Before blocking the client, LiteSpeed’s memory usage was not affected. This is mainly because of LiteSpeed’s efficient stream life cycle and memory management. Resources are promptly released when streams are reset, even in cases where a quick blocking is not triggered.\r\n\r\nWe are confident that MadeYouReset attacks cannot cause any trouble with LiteSpeed’s HTTP/2 implementation.","title":"Vendor statment from LiteSpeed Technologies"},{"category":"other","text":"The Juniper SIRT is not aware of any Juniper Networks products or platforms that are vulnerable to this issue.","title":"Vendor statment from Juniper Networks"},{"category":"other","text":"Cisco does not implement any proprietary HTTP stack and as such is not directly affected by this vulnerability. Cisco products and services may be affected by this HTTP/2 implementation issue as result of using an affected third-party software library.\r\n\r\nCustomers can view, and if neccessary request, Cisco product dispositions status for affected libraries' CVEs in the Cisco Vulnerability Repository at https://sec.cloudapps.cisco.com/security/center/cvr.","title":"Vendor statment from Cisco"},{"category":"other","text":"After testing this issue we found Envoy to not be vulnerable as the mitigations we added for \"rapid reset\" also prevent this newer vulnerability from being exploited.\r\n\r\nAs our mitigation for rapid reset was implemented in Envoy's HTTPConnectionManager it should cover all codecs.\r\n\r\nEnvoy security team.","title":"Vendor statment from Envoy"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/767506"},{"url":"https://github.com/galbarnahum/MadeYouReset","summary":"https://github.com/galbarnahum/MadeYouReset"},{"url":"https://galbarnahum.com/made-you-reset","summary":"https://galbarnahum.com/made-you-reset"},{"url":"https://deepness-lab.org/publications/madeyoureset/","summary":"https://deepness-lab.org/publications/madeyoureset/"},{"url":"https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/","summary":"https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-8671","summary":"https://www.cve.org/CVERecord?id=CVE-2025-8671"},{"url":"https://www.rfc-editor.org/rfc/rfc9113.html#name-rst_stream","summary":"https://www.rfc-editor.org/rfc/rfc9113.html#name-rst_stream"},{"url":"https://www.rfc-editor.org/rfc/rfc9113.html#section-6.5.2","summary":"https://www.rfc-editor.org/rfc/rfc9113.html#section-6.5.2"},{"url":"https://github.com/tempesta-tech/tempesta/issues/2439","summary":"https://github.com/tempesta-tech/tempesta/issues/2439"},{"url":"https://github.com/tempesta-tech/tempesta/issues/2451","summary":"https://github.com/tempesta-tech/tempesta/issues/2451"},{"url":"https://seanmonstar.com/blog/hyper-http2-didnt-madeyoureset/","summary":"https://seanmonstar.com/blog/hyper-http2-didnt-madeyoureset/"},{"url":"https://blog.litespeedtech.com/2025/08/13/litespeed-not-affected-by-madeyoureset/","summary":"https://blog.litespeedtech.com/2025/08/13/litespeed-not-affected-by-madeyoureset/"},{"url":"https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/","summary":"https://blog.cloudflare.com/madeyoureset-an-http-2-vulnerability-thwarted-by-rapid-reset-mitigations/"},{"url":"https://www.akamai.com/blog/security/response-madeyoureset-http2-protocol-attacks","summary":"https://www.akamai.com/blog/security/response-madeyoureset-http2-protocol-attacks"},{"url":"https://www.windriver.com/security/vulnerability-responses/http2-madeyoureset-vulnerability","summary":"https://www.windriver.com/security/vulnerability-responses/http2-madeyoureset-vulnerability"},{"url":"https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html","summary":"https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html"},{"url":"https://tempesta-tech.com/blog/made-you-reset-http2-ddos-attack-analysis-and-mitigation/","summary":"https://tempesta-tech.com/blog/made-you-reset-http2-ddos-attack-analysis-and-mitigation/"},{"url":"https://www.isc2.org/Insights/2023/10/The-HTTP2-Fast-Reset-Attack-Vulnerability-What-You-Need-To-Know","summary":"https://www.isc2.org/Insights/2023/10/The-HTTP2-Fast-Reset-Attack-Vulnerability-What-You-Need-To-Know"},{"url":"https://gitlab.isc.org/isc-projects/bind9/-/issues/5325","summary":"https://gitlab.isc.org/isc-projects/bind9/-/issues/5325"},{"url":"https://varnish-cache.org/security/VSV00017.html","summary":"Reference(s) from vendor \"Varnish Software\""},{"url":"https://docs.varnish-software.com/security/VSV00017/","summary":"Reference(s) from vendor \"Varnish Software\""},{"url":"https://access.redhat.com/security/cve/CVE-2025-48989","summary":"Reference(s) from vendor \"Red Hat\""},{"url":"https://access.redhat.com/security/cve/CVE-2025-55163","summary":"Reference(s) from vendor \"Red Hat\""},{"url":"https://access.redhat.com/security/cve/CVE-2025-9784","summary":"Reference(s) from vendor \"Red Hat\""},{"url":"https://access.redhat.com/security/cve/CVE-2025-5115","summary":"Reference(s) from vendor \"Red Hat\""},{"url":"https://www.fastlystatus.com/incident/377810","summary":"Reference(s) from vendor \"Fastly\""},{"url":"https://gitlab.isc.org/isc-projects/bind9/-/issues/5325","summary":"Reference(s) from vendor \"Internet Systems Consortium\""},{"url":"https://tomcat.apache.org/","summary":"Reference(s) from vendor \"Apache Tomcat\""},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-48989","summary":"Reference(s) from vendor \"Apache Tomcat\""},{"url":"https://github.com/tempesta-tech/tempesta/issues/2439","summary":"Reference(s) from vendor \"Tempesta\""},{"url":"https://github.com/tempesta-tech/tempesta/issues/2451","summary":"Reference(s) from vendor \"Tempesta\""}],"title":"HTTP/2 implementations are vulnerable to \"MadeYouReset\" DoS attack through HTTP/2 control frames","tracking":{"current_release_date":"2026-03-17T16:01:39+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#767506","initial_release_date":"2025-08-13 12:00:50.245004+00:00","revision_history":[{"date":"2026-03-17T16:01:39+00:00","number":"1.20260317160139.29","summary":"Released on 2026-03-17T16:01:39+00:00"}],"status":"final","version":"1.20260317160139.29"}},"vulnerabilities":[{"title":"IBM WebSphere Application Server Liberty is vulnerable to a denial of service, caused by sending a specially-crafted request.","notes":[{"category":"summary","text":"IBM WebSphere Application Server Liberty is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources."}],"cve":"CVE-2025-36047","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"product_status":{"known_not_affected":["CSAFPID-efd37200-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd4013e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd43c62-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd466c4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd4ac56-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd4f274-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd5336a-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd56f38-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd5af5c-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd5d7f2-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd5fff2-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd63580-34e3-11f1-8422-122e2785dc9f"]}},{"title":"Netty is an asynchronous, event-driven network application framework.","notes":[{"category":"summary","text":"Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final."}],"cve":"CVE-2025-55163","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"product_status":{"known_affected":["CSAFPID-efd92876-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd96ad4-34e3-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-efd6d31e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd760cc-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd79c22-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd7d2dc-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd8082e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd85446-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd898e8-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd8e1e0-34e3-11f1-8422-122e2785dc9f","CSAFPID-efd9add2-34e3-11f1-8422-122e2785dc9f","CSAFPID-efda38f6-34e3-11f1-8422-122e2785dc9f"]}},{"title":"In Eclipse Jetty, versions <=9.","notes":[{"category":"summary","text":"In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h"}],"cve":"CVE-2025-5115","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"product_status":{"known_affected":["CSAFPID-efdb8148-34e3-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-efdaba56-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdb5790-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdbd9ae-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdc0d8e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdc44b6-34e3-11f1-8422-122e2785dc9f"]}},{"title":"Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.","notes":[{"category":"summary","text":"Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue."}],"cve":"CVE-2025-48989","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"references":[{"url":"https://tomcat.apache.org/","summary":"https://tomcat.apache.org/","category":"external"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-48989","summary":"https://www.cve.org/CVERecord?id=CVE-2025-48989","category":"external"}],"product_status":{"known_affected":["CSAFPID-efdeeff4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdf6786-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe0d54e-34e3-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-efdcbd24-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdd3b14-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdd75fc-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdda770-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdde758-34e3-11f1-8422-122e2785dc9f","CSAFPID-efde3ca8-34e3-11f1-8422-122e2785dc9f","CSAFPID-efde9dba-34e3-11f1-8422-122e2785dc9f","CSAFPID-efdf23f2-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe06cda-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe09796-34e3-11f1-8422-122e2785dc9f"]}},{"title":"A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters.","notes":[{"category":"summary","text":"A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)."}],"cve":"CVE-2025-9784","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"product_status":{"known_affected":["CSAFPID-efe265e4-34e3-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-efe14088-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe1882c-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe22066-34e3-11f1-8422-122e2785dc9f"]}},{"title":"A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS).","notes":[{"category":"summary","text":"A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS).  By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released."}],"cve":"CVE-2025-8671","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"references":[{"url":"https://tomcat.apache.org/","summary":"The current development version of Tempesta FW and release 0.8.1 are not affected.","category":"external"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-48989","summary":"The current development version of Tempesta FW and release 0.8.1 are not affected.","category":"external"},{"url":"https://github.com/tempesta-tech/tempesta/issues/2439","summary":"The current development version of Tempesta FW and release 0.8.1 are not affected.","category":"external"},{"url":"https://github.com/tempesta-tech/tempesta/issues/2451","summary":"The current development version of Tempesta FW and release 0.8.1 are not affected.","category":"external"}],"product_status":{"known_affected":["CSAFPID-efe34748-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe53378-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe5bb68-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe64e98-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe67b34-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe6e59c-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe76972-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe79b4a-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe7d114-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe92690-34e3-11f1-8422-122e2785dc9f","CSAFPID-efec8c4a-34e3-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-efe37e3e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe3b926-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe3eaa4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe43090-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe4b056-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe5042a-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe57cde-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe5f74a-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe73466-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe845fe-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe87d76-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe8aff8-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe8ed06-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe9661e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe9ab42-34e3-11f1-8422-122e2785dc9f","CSAFPID-efe9e918-34e3-11f1-8422-122e2785dc9f","CSAFPID-efea1ce4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efea5fc4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efea9f98-34e3-11f1-8422-122e2785dc9f","CSAFPID-efeaeaca-34e3-11f1-8422-122e2785dc9f","CSAFPID-efeb2c38-34e3-11f1-8422-122e2785dc9f","CSAFPID-efeb7cce-34e3-11f1-8422-122e2785dc9f","CSAFPID-efebc5a8-34e3-11f1-8422-122e2785dc9f","CSAFPID-efec0aa4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efecc804-34e3-11f1-8422-122e2785dc9f","CSAFPID-efecfc98-34e3-11f1-8422-122e2785dc9f","CSAFPID-efed81e0-34e3-11f1-8422-122e2785dc9f","CSAFPID-efedb9d0-34e3-11f1-8422-122e2785dc9f","CSAFPID-efedf4f4-34e3-11f1-8422-122e2785dc9f"]}},{"title":"An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).","notes":[{"category":"summary","text":"An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"cve":"CVE-2025-54500","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#767506"}],"product_status":{"known_not_affected":["CSAFPID-efee7f5a-34e3-11f1-8422-122e2785dc9f","CSAFPID-efeedcb6-34e3-11f1-8422-122e2785dc9f","CSAFPID-efef246e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efef76e4-34e3-11f1-8422-122e2785dc9f","CSAFPID-efefab1e-34e3-11f1-8422-122e2785dc9f","CSAFPID-efefdba2-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff01716-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff05ba4-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff09e66-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff0e830-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff1250c-34e3-11f1-8422-122e2785dc9f","CSAFPID-eff1e474-34e3-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efd37200-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efd3c084-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efd4013e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efd43c62-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efd466c4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Traefik","product":{"name":"Traefik Products","product_id":"CSAFPID-efd4ac56-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-efd4f274-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-efd5336a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"X.org Foundation","product":{"name":"X.org Foundation Products","product_id":"CSAFPID-efd56f38-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efd5af5c-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-efd5d7f2-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efd5fff2-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-efd63580-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efd6d31e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efd728b4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efd760cc-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efd79c22-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efd7d2dc-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Traefik","product":{"name":"Traefik Products","product_id":"CSAFPID-efd8082e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-efd85446-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-efd898e8-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"X.org Foundation","product":{"name":"X.org Foundation Products","product_id":"CSAFPID-efd8e1e0-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efd92876-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-efd96ad4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efd9add2-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Tempesta","product":{"name":"Tempesta Products","product_id":"CSAFPID-efd9f490-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-efda38f6-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efdaba56-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efdb0fec-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efdb5790-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efdb8148-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efdbd9ae-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efdc0d8e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efdc44b6-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efdcbd24-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efdcf06e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efdd3b14-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efdd75fc-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Traefik","product":{"name":"Traefik Products","product_id":"CSAFPID-efdda770-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-efdde758-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-efde3ca8-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"X.org Foundation","product":{"name":"X.org Foundation Products","product_id":"CSAFPID-efde9dba-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efdeeff4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efdf23f2-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Apache Tomcat","product":{"name":"Apache Tomcat Products","product_id":"CSAFPID-efdf6786-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-efdf9e36-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Tempesta","product":{"name":"Tempesta Products","product_id":"CSAFPID-efdff124-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-efe026e4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-efe06cda-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efe09796-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-efe0d54e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efe14088-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efe1882c-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efe1d75a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efe22066-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efe265e4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efe2ab76-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Apache Tomcat","product":{"name":"Apache Tomcat Products","product_id":"CSAFPID-efe34748-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efe37e3e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efe3b926-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Traefik","product":{"name":"Traefik Products","product_id":"CSAFPID-efe3eaa4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-efe43090-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-efe46448-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Muonics Inc.","product":{"name":"Muonics Inc. Products","product_id":"CSAFPID-efe4b056-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"X.org Foundation","product":{"name":"X.org Foundation Products","product_id":"CSAFPID-efe5042a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"gRPC","product":{"name":"gRPC Products","product_id":"CSAFPID-efe53378-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Apache Traffic Server Project","product":{"name":"Apache Traffic Server Project Products","product_id":"CSAFPID-efe57cde-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-efe5bb68-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Peplink","product":{"name":"Peplink Products","product_id":"CSAFPID-efe5f74a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-efe64e98-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-efe67b34-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Broadcom","product":{"name":"Broadcom Products","product_id":"CSAFPID-efe6acda-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Netty","product":{"name":"Netty Products","product_id":"CSAFPID-efe6e59c-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Netflix Inc.","product":{"name":"Netflix Inc. Products","product_id":"CSAFPID-efe73466-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Zephyr Project","product":{"name":"Zephyr Project Products","product_id":"CSAFPID-efe76972-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Mozilla","product":{"name":"Mozilla Products","product_id":"CSAFPID-efe79b4a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Eclipse Foundation","product":{"name":"Eclipse Foundation Products","product_id":"CSAFPID-efe7d114-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Twisted","product":{"name":"Twisted Products","product_id":"CSAFPID-efe81bba-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-efe845fe-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"IETF HTTP Working Group","product":{"name":"IETF HTTP Working Group Products","product_id":"CSAFPID-efe87d76-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"hyperium","product":{"name":"hyperium Products","product_id":"CSAFPID-efe8aff8-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"netsnmp","product":{"name":"netsnmp Products","product_id":"CSAFPID-efe8ed06-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMPHP","product":{"name":"AMPHP Products","product_id":"CSAFPID-efe92690-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Go Programming Language","product":{"name":"Go Programming Language Products","product_id":"CSAFPID-efe9661e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Rust Security Response WG","product":{"name":"Rust Security Response WG Products","product_id":"CSAFPID-efe9ab42-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-efe9e918-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Paessler","product":{"name":"Paessler Products","product_id":"CSAFPID-efea1ce4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Node.js","product":{"name":"Node.js Products","product_id":"CSAFPID-efea5fc4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-efea9f98-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HAProxy","product":{"name":"HAProxy Products","product_id":"CSAFPID-efeaeaca-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"GitHub","product":{"name":"GitHub Products","product_id":"CSAFPID-efeb2c38-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efeb7cce-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Apache HTTP Server Project","product":{"name":"Apache HTTP Server Project Products","product_id":"CSAFPID-efebc5a8-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"lighttpd","product":{"name":"lighttpd Products","product_id":"CSAFPID-efec0aa4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Tempesta","product":{"name":"Tempesta Products","product_id":"CSAFPID-efec5220-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Varnish Software","product":{"name":"Varnish Software Products","product_id":"CSAFPID-efec8c4a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efecc804-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Juniper Networks","product":{"name":"Juniper Networks Products","product_id":"CSAFPID-efecfc98-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-efed3c76-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Envoy","product":{"name":"Envoy Products","product_id":"CSAFPID-efed81e0-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efedb9d0-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-efedf4f4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"LiteSpeed Technologies","product":{"name":"LiteSpeed Technologies Products","product_id":"CSAFPID-efee7f5a-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digi International","product":{"name":"Digi International Products","product_id":"CSAFPID-efeedcb6-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-efef246e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Meta","product":{"name":"Meta Products","product_id":"CSAFPID-efef76e4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Internet Systems Consortium","product":{"name":"Internet Systems Consortium Products","product_id":"CSAFPID-efefab1e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Traefik","product":{"name":"Traefik Products","product_id":"CSAFPID-efefdba2-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arista Networks","product":{"name":"Arista Networks Products","product_id":"CSAFPID-eff01716-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Akamai Technologies Inc.","product":{"name":"Akamai Technologies Inc. Products","product_id":"CSAFPID-eff05ba4-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"X.org Foundation","product":{"name":"X.org Foundation Products","product_id":"CSAFPID-eff09e66-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-eff0e830-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-eff1250c-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Tempesta","product":{"name":"Tempesta Products","product_id":"CSAFPID-eff1613e-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fastly","product":{"name":"Fastly Products","product_id":"CSAFPID-eff1a1c6-34e3-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"eCosCentric","product":{"name":"eCosCentric Products","product_id":"CSAFPID-eff1e474-34e3-11f1-8422-122e2785dc9f"}}]}}