Read Time:22 Second

Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a
Java based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify if HPACK header values exceed their size limit.
Furthermore the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as Rapid Reset Attack.

https://security-tracker.debian.org/tracker/DSA-5540-1

Read More