7.8
CVE-2019-9515
- EPSS 87.81%
- Veröffentlicht 13.08.2019 21:15:12
- Zuletzt bearbeitet 14.01.2025 19:29:55
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Traffic Server Version >= 6.0.0 <= 6.2.3
Apache ≫ Traffic Server Version >= 7.0.0 <= 7.1.6
Apache ≫ Traffic Server Version >= 8.0.0 <= 8.0.3
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Synology ≫ Diskstation Manager Version6.2
Synology ≫ Vs960hd Firmware Version-
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Redhat ≫ Jboss Core Services Version1.0
Redhat ≫ Jboss Enterprise Application Platform Version7.2.0
Redhat ≫ Jboss Enterprise Application Platform Version7.3.0
Redhat ≫ Openshift Container Platform Version4.1
Redhat ≫ Openshift Service Mesh Version1.0
Redhat ≫ Single Sign-on Version7.3
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Mcafee ≫ Web Gateway Version >= 7.7.2.0 < 7.7.2.24
Mcafee ≫ Web Gateway Version >= 7.8.2.0 < 7.8.2.13
Mcafee ≫ Web Gateway Version >= 8.1.0 < 8.2.0
F5 ≫ Big-ip Local Traffic Manager Version >= 11.6.1 < 11.6.5.1
F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 < 12.1.5.1
F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 < 13.1.3.2
F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 < 14.0.1.1
F5 ≫ Big-ip Local Traffic Manager Version >= 14.1.0 < 14.1.2.1
F5 ≫ Big-ip Local Traffic Manager Version >= 15.0.0 < 15.0.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.81% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| cret@cert.org | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2020:0727
https://access.redhat.com/errata/RHSA-2019:4352
https://usn.ubuntu.com/4308-1/
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
https://access.redhat.com/errata/RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:4018
https://access.redhat.com/errata/RHSA-2019:4019
https://access.redhat.com/errata/RHSA-2019:4020
https://access.redhat.com/errata/RHSA-2019:4021
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://kb.cert.org/vuls/id/605641/
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
https://security.netapp.com/advisory/ntap-20190823-0005/
https://www.synology.com/security/advisory/Synology_SA_19_33
http://seclists.org/fulldisclosure/2019/Aug/16
https://access.redhat.com/errata/RHSA-2019:2766
https://access.redhat.com/errata/RHSA-2019:2796
https://access.redhat.com/errata/RHSA-2019:2861
https://access.redhat.com/errata/RHSA-2019:4040
https://access.redhat.com/errata/RHSA-2019:4041
https://access.redhat.com/errata/RHSA-2019:4042
https://access.redhat.com/errata/RHSA-2019:4045
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://seclists.org/bugtraq/2019/Aug/24
https://seclists.org/bugtraq/2019/Aug/43
https://seclists.org/bugtraq/2019/Sep/18
https://www.debian.org/security/2019/dsa-4508
https://www.debian.org/security/2019/dsa-4520
https://support.f5.com/csp/article/K50233772
https://support.f5.com/csp/article/K50233772?utm_source=f5support&%3Butm_medium=RSS