[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-9514Date: (C)2019-08-15   (M)2024-04-17


Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 7.8
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
https://seclists.org/bugtraq/2019/Aug/24
http://seclists.org/fulldisclosure/2019/Aug/16
https://seclists.org/bugtraq/2019/Aug/31
https://seclists.org/bugtraq/2019/Aug/43
https://seclists.org/bugtraq/2019/Sep/18
DSA-4503
DSA-4508
DSA-4520
DSA-4669
FEDORA-2019-55d101a740
FEDORA-2019-5a6a7bc12c
FEDORA-2019-65db7ad6c7
FEDORA-2019-6a2980de56
RHSA-2019:2594
RHSA-2019:2661
RHSA-2019:2682
RHSA-2019:2690
RHSA-2019:2726
RHSA-2019:2766
RHSA-2019:2769
RHSA-2019:2796
RHSA-2019:2861
RHSA-2019:2925
RHSA-2019:2939
RHSA-2019:2955
RHSA-2019:2966
RHSA-2019:3131
RHSA-2019:3245
RHSA-2019:3265
RHSA-2019:3892
RHSA-2019:3906
RHSA-2019:4018
RHSA-2019:4019
RHSA-2019:4020
RHSA-2019:4021
RHSA-2019:4040
RHSA-2019:4041
RHSA-2019:4042
RHSA-2019:4045
RHSA-2019:4269
RHSA-2019:4273
RHSA-2019:4352
RHSA-2020:0406
RHSA-2020:0727
USN-4308-1
VU#605641
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
http://www.openwall.com/lists/oss-security/2019/08/20/1
http://www.openwall.com/lists/oss-security/2023/10/18/8
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
https://security.netapp.com/advisory/ntap-20190823-0001/
https://security.netapp.com/advisory/ntap-20190823-0004/
https://security.netapp.com/advisory/ntap-20190823-0005/
https://support.f5.com/csp/article/K01988340
https://support.f5.com/csp/article/K01988340?utm_source=f5support&%3Butm_medium=RSS
https://www.synology.com/security/advisory/Synology_SA_19_33
openSUSE-SU-2019:2000
openSUSE-SU-2019:2056
openSUSE-SU-2019:2072
openSUSE-SU-2019:2085
openSUSE-SU-2019:2114
openSUSE-SU-2019:2115
openSUSE-SU-2019:2130

CPE    7
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/o:apple:mac_os_x
...
CWE    1
CWE-770
OVAL    48
oval:org.secpod.oval:def:69745
oval:org.secpod.oval:def:57954
oval:org.secpod.oval:def:69755
oval:org.secpod.oval:def:604506
...

© SecPod Technologies