CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-2758: CVE-2024-2758

Description

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.

Classification

CVE ID: CVE-2024-2758

Affected Products

Vendor: Tempesta

Product: Tempesta FW

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.39% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://github.com/tempesta-tech/tempesta/security/advisories/GHSA-3xwj-5ch3-q9p4
https://www.kb.cert.org/vuls/id/421644
http://www.openwall.com/lists/oss-security/2024/04/03/16

Timeline

2025-02-14 00:31:43 UTC
CVE

CVE-2024-2758