9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.821 High
EPSS
Percentile
98.3%
Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks.
The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations, how to mitigate abnormal behavior is left to the implementer which can leave it open to the following weaknesses.
CVE-2019-9511, also known as Data Dribble
The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9512, also known as Ping Flood
The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9513, also known as Resource Loop
The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
CVE-2019-9514, also known as Reset Flood
The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9515, also known as Settings Flood
The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9516, also known as 0-Length Headers Leak
The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
CVE-2019-9517, also known as Internal Data Buffering
The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9518, also known as Empty Frame Flooding
The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
These attacks can consume excessive system resources, potentially enough that a single end-system could cause issues on multiple servers that may lead to Distributed DoS (DDoS) attacks.
Apply an update
Install the latest updates from HTTP/2 implementers.
Please see this matrix of affected products and vulnerabilities.
605641
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 07, 2019 Updated: August 15, 2019
Statement Date: August 14, 2019
Affected
(Updated 8/14/2019) All customer services have been patched.
Notified: August 07, 2019 Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 14, 2019
Statement Date: August 13, 2019
Affected
Cloudflare uses NGINX for HTTP/2. Customers using Cloudflare are already protected against these attacks.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 15, 2019 Updated: August 17, 2019
Statement Date: August 16, 2019
Affected
We have not received a statement from the vendor.
Fixed in:
<https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/>
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23605641 Feedback>).
Notified: August 07, 2019 Updated: August 27, 2019
Affected
Microsoft addressed these vulnerabilities in August 2019 updates.
In addition, CVE-2019-9015 was addressed in February 2019 with the following KB article:
<https://support.microsoft.com/en-us/help/4491420>: Define thresholds on the number of HTTP/2 Settings parameters exchanged over a connection.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 14, 2019
Statement Date: August 14, 2019
Affected
Affected.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 08, 2019
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: August 20, 2019
Statement Date: August 20, 2019
Not Affected
We have verified that HAProxy is not vulnerable to these attacks. Willy Tarreau has issued a statement to the HAProxy mailing list: https://www.mail-archive.com/[email protected]/msg34717.html
Notified: August 07, 2019 Updated: August 09, 2019
Statement Date: August 07, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: September 03, 2019
Statement Date: September 03, 2019
Not Affected
LANCOM Systems confirms that no LANCOM product is affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 09, 2019
Statement Date: August 08, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 22, 2019 Updated: July 22, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 22, 2019 Updated: July 22, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 22, 2019 Updated: July 22, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 07, 2019 Updated: August 07, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 236 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 5 | AV:N/AC:L/Au:N/C:N/I:–/A:P |
Temporal | 3.9 | E:POC/RL:OF/RC:C |
Environmental | 6.3 | CDP:LM/TD:H/CR:ND/IR:ND/AR:H |
Thanks to Jonathan Looney of Netflix for reporting CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, and CVE-2019-9517.
Thanks to Piotr Sikora of Google, Envoy Security Team, for reporting CVE-2019-9518.
This document was written by Madison Oliver.
CVE IDs: | CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518 |
---|---|
Date Public: | 2019-08-13 Date First Published: |
blog.cloudflare.com/on-the-recent-http-2-dos-attacks/
blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html
github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
tools.ietf.org/html/rfc7540
tools.ietf.org/html/rfc7541
vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.821 High
EPSS
Percentile
98.3%