GCVE - cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Akka (`697d5654-43c5-5a2e-89b0-0ba978d87420`)
Product	Http Server (`ad3bf3ee-7e5c-590f-b01b-ce0e33ea01db`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/akka/akka-http`	purl2cpe	2026-06-01 10:12:22.284849
`pkg:maven/com.typesafe.akka/akka-http-bom`	purl2cpe	2026-06-01 10:12:22.284850

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-44487`	vulnerable	2026-06-08 06:12:41.267009	Details available The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Published: 2023-10-10T00:00:00.000Z Updated: 2026-05-12T10:52:23.784Z Open on db.gcve.eu Reference links https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42697`	vulnerable	2026-06-08 05:35:22.447146	Details available Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. Published: 2021-11-02T21:44:54.000Z Updated: 2024-08-04T03:38:50.142Z Open on db.gcve.eu Reference links https://akka.io/blog/ https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released https://akka.io/blog/news/2021/11/22/akka-http-10.1.15-released http://packetstormsecurity.com/files/167018/Akka-HTTP-10.1.14-Denial-Of-Service.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-1000118`	vulnerable	2026-06-08 05:08:34.081962	Details available Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service Published: 2017-10-04T01:00:00.000Z Updated: 2024-09-16T23:46:56.456Z Open on db.gcve.eu Reference links https://doc.akka.io/docs/akka-http/10.0.6/security/2017-05-03-illegal-media-range-in-accept-header-causes-stackoverflowerror.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.