History: Aug 13, 2019 - 9:15 p.m.

CVE-2019-9518

2019-08-13 21:15:13
CWE-770
CWE-400
certcc
web.nvd.nist.gov
465
http/2
vulnerability
denial of service
cve-2019-9518
nvd

CVSS2: 7.8

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.012
Percentile: 85.3%

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

Affected configurations

Nvd
Node
apple swiftnio: Range 1.0.0 to 1.4.0
AND
apple mac_os_x: Range 10.12
OR
canonical ubuntu_linux: Range 14.04
Node
apache traffic_server: Range 6.0.0 to 6.2.3
OR
apache traffic_server: Range 7.0.0 to 7.1.6
OR
apache traffic_server: Range 8.0.0 to 8.0.3
Node
canonical ubuntu_linux: Match 16.04 lts
OR
canonical ubuntu_linux: Match 18.04 lts
OR
canonical ubuntu_linux: Match 19.04
Node
debian debian_linux: Match 9.0
OR
debian debian_linux: Match 10.0
Node
synology diskstation_manager: Match 6.2
OR
synology skynas: Match -
Node
synology vs960hd_firmware: Match -
AND
synology vs960hd: Match -
Node
fedoraproject fedora: Match 29
OR
fedoraproject fedora: Match 30
Node
opensuse leap: Match 15.0
OR
opensuse leap: Match 15.1
Node
redhat jboss_core_services: Match 1.0
OR
redhat jboss_enterprise_application_platform: Match 7.2.0
OR
redhat jboss_enterprise_application_platform: Match 7.3.0
OR
redhat openshift_service_mesh: Match 1.0
OR
redhat quay: Match 3.0.0
OR
redhat software_collections: Match 1.0
OR
redhat enterprise_linux: Match 8.0
Node
oracle graalvm: Match 19.2.0 enterprise
Node
mcafee web_gateway: Range 7.7.2.0 to 7.7.2.24
OR
mcafee web_gateway: Range 7.8.2.0 to 7.8.2.13
OR
mcafee web_gateway: Range 8.1.0 to 8.2.0
Node
nodejs node.js: Range 8.0.0 to 8.8.1 -
OR
nodejs node.js: Range 8.9.0 to 8.16.1 lts
OR
nodejs node.js: Range 10.0.0 to 10.12.0 -
OR
nodejs node.js: Range 10.13.0 to 10.16.3 lts
OR
nodejs node.js: Range 12.0.0 to 12.8.1 -

Vendor     Product              Version  CPE
apple      swiftnio             *        cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*
apple      mac_os_x             *        cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
canonical  ubuntu_linux         *        cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*
apache     traffic_server       *        cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
canonical  ubuntu_linux         16.04    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonical  ubuntu_linux         18.04    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonical  ubuntu_linux         19.04    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
debian     debian_linux         9.0      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian     debian_linux         10.0     cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
synology   diskstation_manager  6.2      cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
