DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2019-9518", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2019-9518", "description": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.", "published": "2019-08-13T21:15:00", "modified": "2022-08-12T18:40:00", "epss": [{"cve": "CVE-2019-9518", "epss": 0.00285, "percentile": 0.64168, "modified": "2023-06-13"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9518", "reporter": "cert@cert.org", "references": ["https://kb.cert.org/vuls/id/605641/", "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "https://seclists.org/bugtraq/2019/Aug/24", "http://seclists.org/fulldisclosure/2019/Aug/16", "https://www.synology.com/security/advisory/Synology_SA_19_33", "https://support.f5.com/csp/article/K46011592", "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E", "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E", "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E", "https://security.netapp.com/advisory/ntap-20190823-0005/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", "https://www.debian.org/security/2019/dsa-4520", "https://seclists.org/bugtraq/2019/Sep/18", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "https://access.redhat.com/errata/RHSA-2019:2925", "https://access.redhat.com/errata/RHSA-2019:2939", "https://access.redhat.com/errata/RHSA-2019:2955", "https://support.f5.com/csp/article/K46011592?utm_source=f5support&utm_medium=RSS", "https://access.redhat.com/errata/RHSA-2019:3892", "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "https://access.redhat.com/errata/RHSA-2019:4352", "https://access.redhat.com/errata/RHSA-2020:0727", "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3Ccommits.cassandra.apache.org%3E", "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3Ccommits.cassandra.apache.org%3E"], "cvelist": ["CVE-2019-9518"], "immutableFields": [], "lastseen": "2023-06-13T15:33:03", "viewCount": 416, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:2925"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-9518"]}, {"type": "altlinux", "idList": ["E64A79B455B5B29956A55C132E6895B7"]}, {"type": "apple", "idList": ["APPLE:B7EC2E92CBEF4481D5F2735898CA5FE4", "APPLE:HT210436"]}, {"type": "cert", "idList": ["VU:605641"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:7430089B5BD03FDE67C945B0672A675E"]}, {"type": "cve", "idList": ["CVE-2019-14992"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4520-1:26CCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-9518"]}, {"type": "f5", "idList": ["F5:K01988340", "F5:K46011592", "F5:K50233772", "F5:K98053339"]}, {"type": "fedora", "idList": ["FEDORA:0C9226047329", "FEDORA:BDA8C6056EF5", "FEDORA:E5C91604A708"]}, {"type": "fortinet", "idList": ["FG-IR-19-225"]}, {"type": "freebsd", "idList": ["C97A940B-C392-11E9-BB38-000D3AB229D6"]}, {"type": "ibm", "idList": ["0417036025FD6A189EE42ABF0BD8858E873D012FB5A3D9F9BF5C94F081CDDEB5", "057F23DB71C72978E8CCF4A7BDE90605082E47A058ABF70F5C21BAD102DCB0FA", "0AF0D1ABD7511641350D2C0A10AF6B5BB4A0ABFC6C05902B5F1C5E07C1566C95", "0C931C8FB3337ADB707B8C54D7D2E65C09B2A9067AF3442FB5EDF49ED471F44A", "17167E9B7772FCC3C13341661C717A788FBA9411691E4C6CEEBFD6C6E3A96690", "23CDFC767B1F8B0922BC72249E18F4BE7A23A2D5C6AAF52840D8298A30852894", "2EA2C9FAC993C6AEC32EA8F89FBD4374B89508FE14BFE1942351C36F204DE9B5", "38B9D897011CEB670EAF1E1AB11DB01D2C8CE3AA7925078CA13A859E05628FF8", "3C024BED98983358FC2A70F4FA5AF823CC21E61763DB444AC2404D2ECDECB070", "3FC31A2CC7ABF7DA1885EE97783B9D04AD2C6EF31E7B2B06895F95DAD4550593", "413EFD2051B06CEFCDFB6A85E56D412853059B72C27BDAC4B5D06E384C0A787D", "41CB9666A88AE67D4A0558674B8CFDA62F160B6DDCBA3C10576515447887CF12", "44289E9AFA262B32B9B340C2E5063B6A6A7C857ECC454752758C62450EDDB5A1", "4BEC8E9463E4B27C09D4E3ECF5C98A9E0D6D193C06E6EFC3DEDB9F41368D7DC0", "4CE6EF5A931E1DD71173744E63FA5B598713F2EB1EFE22E55E4D35D7659268AA", "574FC031AF9B64FDFC8B0BF65E22355456EDFA4CF1ECE74E592CA6972407F30F", "582F96446333EB82A24A0C13191C208F7E940B6AE34B504E8FD5A296160793B6", "59A24344B16F41FDA29E13AC82F85E48C72A67AD619672DE0CAC8898427FEE09", "5A357128639E00EE0774B3D2597A839328E9DE84359137CFEFE888228A113067", "6333F0A32398D30524C10CF8627B6258A5C4483AF088DB24CBDE988CA4E126E6", "647A7AB345F655E164F4C0AB87C5729F0821EA62A0208C6067C65D31362414A2", "69C147CB642B39AA3250947FC1868ED542CC9C2C3BED4BA821CAD9BA0F178E84", "6A8FB2890AF2EBFB497D7D6CCC198FF3FF0E22BD184AAB460E05F9B5E0B6A4DF", "6AC8F8C50686802A05555281D5D05D5AB8997C027EADF699A3A6C4352B28516B", "71525D0BC11FF3C2AE36A5A8748786A694B3AD31C21D312B76C386103E66D0D0", "731A6DDD5325438B0FCA3D1B2CA7C8881C1A425221911E3EF5FB3283E134B7EA", "764590A4B9E47D7E86F4E1AD3CAA72AF8E48B738F1667323140B928C6A564E13", "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7F8E6554F6DA398AA724606DE234AF7EF09A532D4299A3D1BE71DF4204B3FCF6", "8507B058C81047318472EE4CA22600AD2B6A70184CB90B2496F848C8119E7F48", "870BEA847DD424799963E5867DAF74D2ED3D95FA2CBB891A7AF0D330D30A7BBC", "89B069E991BD00EAC14F399834EE2BC60C62E828E55A6A24AFFA5A3369CC3023", "8EFB8A654D3536DD4481500A7680D75E0B2A04D2F63C829CAE130B12A35D7ED3", "9637EBA6484BD28F500A4FB042427C33540202FCFEE1C248C5FC5C788BB997D1", "97843D709F3A1D21B079AF090609D06C8232BD6B0AF9C686DC60FF6355F3EF04", "9A96669F651314B055987343933B2F58BB66C71D7B13E3E61735C74B9F85DCFD", "9EF402A843CFBDB359E8B74AAD869683BC0B3E2869ACDA8CA89782199936D069", "A364D6B382E97F9FDC09D590395E985715FD9927D26F193255B81A2C9A6502FE", "AA14C55AF4A5BFC3A22C9FAA8B34E0E1647B4C350DBEC1C6DC6BB8AF16DDF7F3", "AB2CF025F88364491DAD8A893B4FFE876A0EA1219780AEE35EB01D3E77543556", "AD33C8416886BAB2F73A27CEC866FC53237919C38EA90303DC32F930AE4BF0E5", "B3F4AA1A1992E6D3190AE7943B4F2C3504BE89943C73FA50CD108D6F916DEA0B", "BAA73579218EAF992EC9ED8D793E7E82890C87BD059F752A5C63A36CAA54386B", "C1504E0331CDD1C6C93994699BA298E6DF006D6E0CC8A8E4231997AD972A13FD", "E74C53C459F7FE1C89AE67FEC29B42B1B0BF95AA1A5FE3D3CA36BD71ABE75230", "E9C1563BAEC9B59E1E748133D7FABB312739ADA716F044B1BE4F21A9D985F2B8", "EDBCE2D5797575D019533793BC0DBD438D1B65A6557C755729CCDB2B49BEFFB5", "EFD802732B0A15F67815EDD8850FB1C881B714B4A10FEC7A7699E0D6FA7B59C0", "F9ED99C3F4B2D868A3826BA34135EFCC7EF1978329C535488F23E6CF98DA913D", "FAD6BCE3854669364F5857A689BDF567210D8EAE3BCE59914324E9D66B2322E2", "FF9258C84F77D90D8E35398FC8C4B88BEFE7E858980922156E5765F89E6ECCA1"]}, {"type": "kaspersky", "idList": ["KLA11534"]}, {"type": "mageia", "idList": ["MGASA-2020-0372"]}, {"type": "mscve", "idList": ["MS:CVE-2019-9518"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995518"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2019-2925.NASL", "DEBIAN_DSA-4520.NASL", "FEDORA_2019-5A6A7BC12C.NASL", "FEDORA_2019-6A2980DE56.NASL", "FREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL", "JUNIPER_JSA11167.NASL", "OPENSUSE-2019-2114.NASL", "OPENSUSE-2019-2115.NASL", "ORACLELINUX_ELSA-2019-2925.NASL", "REDHAT-RHSA-2019-2925.NASL", "SMB_NT_MS19_AUG_4511553.NASL", "SMB_NT_MS19_AUG_4512497.NASL", "SMB_NT_MS19_AUG_4512501.NASL", "SMB_NT_MS19_AUG_4512507.NASL", "SMB_NT_MS19_AUG_4512508.NASL", "SMB_NT_MS19_AUG_4512516.NASL", "SMB_NT_MS19_AUG_4512517.NASL", "SUSE_SU-2019-2254-1.NASL", "SUSE_SU-2019-2259-1.NASL", "SUSE_SU-2019-2260-1.NASL", "SUSE_SU-2020-0059-1.NASL", "WEB_APPLICATION_SCANNING_113005"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:AUG-2019-SECURITY-RELEASES"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704520", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310852697", "OPENVAS:1361412562310852699", "OPENVAS:1361412562310876715", "OPENVAS:1361412562310876717", "OPENVAS:1361412562310877499"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2925", "ELSA-2020-0579", "ELSA-2020-1317"]}, {"type": "osv", "idList": ["OSV:DSA-4520-1"]}, {"type": "redhat", "idList": ["RHSA-2019:2925", "RHSA-2019:2939", "RHSA-2019:2955", "RHSA-2019:3892", "RHSA-2019:4352", "RHSA-2020:0727", "RHSA-2020:0922", "RHSA-2020:0983", "RHSA-2020:1445", "RHSA-2020:3196", "RHSA-2020:3197"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-9518"]}, {"type": "rocky", "idList": ["RLSA-2019:2925"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2114-1", "OPENSUSE-SU-2019:2115-1"]}, {"type": "symantec", "idList": ["SMNTC-109639"]}, {"type": "talosblog", "idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:F6202F3C31F7C788D1830F976D0B2464"]}, {"type": "threatpost", "idList": ["THREATPOST:28F667D81C6074266934A97C7BE4DE9B"]}, {"type": "ubuntu", "idList": ["USN-4866-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-9518"]}, {"type": "veracode", "idList": ["VERACODE:21594"]}]}, "score": {"value": 3.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:2925"]}, {"type": "apple", "idList": ["APPLE:B7EC2E92CBEF4481D5F2735898CA5FE4", "APPLE:HT210436"]}, {"type": "cert", "idList": ["VU:605641"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:7430089B5BD03FDE67C945B0672A675E"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4520-1:26CCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-9518"]}, {"type": "f5", "idList": ["F5:K01988340", "F5:K46011592", "F5:K50233772", "F5:K98053339"]}, {"type": "fedora", "idList": ["FEDORA:0C9226047329", "FEDORA:BDA8C6056EF5", "FEDORA:E5C91604A708"]}, {"type": "fortinet", "idList": ["FG-IR-19-225"]}, {"type": "freebsd", "idList": ["C97A940B-C392-11E9-BB38-000D3AB229D6"]}, {"type": "ibm", "idList": ["057F23DB71C72978E8CCF4A7BDE90605082E47A058ABF70F5C21BAD102DCB0FA", "3C024BED98983358FC2A70F4FA5AF823CC21E61763DB444AC2404D2ECDECB070", "4CE6EF5A931E1DD71173744E63FA5B598713F2EB1EFE22E55E4D35D7659268AA"]}, {"type": "kaspersky", "idList": ["KLA11534"]}, {"type": "mscve", "idList": ["MS:CVE-2019-9518"]}, {"type": "myhack58", "idList": ["MYHACK58:62201995518"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4520.NASL", "FEDORA_2019-5A6A7BC12C.NASL", "FEDORA_2019-6A2980DE56.NASL", "FREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704520", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310852697", "OPENVAS:1361412562310852699", "OPENVAS:1361412562310876715", "OPENVAS:1361412562310876717"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2925", "ELSA-2020-1317"]}, {"type": "redhat", "idList": ["RHSA-2019:2925"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2114-1", "OPENSUSE-SU-2019:2115-1"]}, {"type": "symantec", "idList": ["SMNTC-109639"]}, {"type": "talosblog", "idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}, {"type": "thn", "idList": ["THN:F6202F3C31F7C788D1830F976D0B2464"]}, {"type": "threatpost", "idList": ["THREATPOST:28F667D81C6074266934A97C7BE4DE9B"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-9518"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-9518", "epss": 0.00285, "percentile": 0.64035, "modified": "2023-05-06"}], "vulnersScore": 3.3}, "_state": {"dependencies": 1686671287, "score": 1686670668, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "b599171ed29f7c6c71c51b51714ca3ba"}, "cna_cvss": {"cna": "CERT/CC", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "score": 7.5}}}, "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:redhat:openshift_service_mesh:1.0", "cpe:/a:oracle:graalvm:19.2.0", "cpe:/a:apple:swiftnio:1.4.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:nodejs:node.js:10.12.0", "cpe:/o:opensuse:leap:15.0", "cpe:/a:apache:traffic_server:6.2.3", "cpe:/o:fedoraproject:fedora:29", "cpe:/a:apache:traffic_server:7.1.6", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:synology:vs960hd_firmware:-", "cpe:/a:redhat:jboss_core_services:1.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:redhat:software_collections:1.0", "cpe:/a:redhat:quay:3.0.0", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:synology:skynas:-", "cpe:/a:synology:diskstation_manager:6.2", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "cpe:/a:nodejs:node.js:8.8.1", "cpe:/a:apache:traffic_server:8.0.3", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:opensuse:leap:15.1"], "cpe23": ["cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.12.0:*:*:*:-:*:*:*", "cpe:2.3:a:apple:swiftnio:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.8.1:*:*:*:-:*:*:*"], "cwe": ["CWE-770"], "affectedSoftware": [{"cpeName": "apple:swiftnio", "version": "1.4.0", "operator": "le", "name": "apple swiftnio"}, {"cpeName": "apache:traffic_server", "version": "8.0.3", "operator": "le", "name": "apache traffic server"}, {"cpeName": "apache:traffic_server", "version": "7.1.6", "operator": "le", "name": "apache traffic server"}, {"cpeName": "apache:traffic_server", "version": "6.2.3", "operator": "le", "name": "apache traffic server"}, {"cpeName": "canonical:ubuntu_linux", "version": "16.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "18.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "19.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "debian:debian_linux", "version": "9.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "debian:debian_linux", "version": "10.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "synology:skynas", "version": "-", "operator": "eq", "name": "synology skynas"}, {"cpeName": "synology:diskstation_manager", "version": "6.2", "operator": "eq", "name": "synology diskstation manager"}, {"cpeName": "synology:vs960hd_firmware", "version": "-", "operator": "eq", "name": "synology vs960hd firmware"}, {"cpeName": "fedoraproject:fedora", "version": "29", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "30", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "opensuse:leap", "version": "15.0", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "opensuse:leap", "version": "15.1", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "redhat:software_collections", "version": "1.0", "operator": "eq", "name": "redhat software collections"}, {"cpeName": "redhat:jboss_core_services", "version": "1.0", "operator": "eq", "name": "redhat jboss core services"}, {"cpeName": "redhat:enterprise_linux", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:jboss_enterprise_application_platform", "version": "7.2.0", "operator": "eq", "name": "redhat jboss enterprise application platform"}, {"cpeName": "redhat:quay", "version": "3.0.0", "operator": "eq", "name": "redhat quay"}, {"cpeName": "redhat:openshift_service_mesh", "version": "1.0", "operator": "eq", "name": "redhat openshift service mesh"}, {"cpeName": "redhat:jboss_enterprise_application_platform", "version": "7.3.0", "operator": "eq", "name": "redhat jboss enterprise application platform"}, {"cpeName": "oracle:graalvm", "version": "19.2.0", "operator": "eq", "name": "oracle graalvm"}, {"cpeName": "mcafee:web_gateway", "version": "7.7.2.24", "operator": "lt", "name": "mcafee web gateway"}, {"cpeName": "mcafee:web_gateway", "version": "7.8.2.13", "operator": "lt", "name": "mcafee web gateway"}, {"cpeName": "mcafee:web_gateway", "version": "8.2.0", "operator": "lt", "name": "mcafee web gateway"}, {"cpeName": "nodejs:node.js", "version": "8.8.1", "operator": "le", "name": "nodejs node.js"}, {"cpeName": "nodejs:node.js", "version": "10.12.0", "operator": "le", "name": "nodejs node.js"}, {"cpeName": "nodejs:node.js", "version": "12.8.1", "operator": "lt", "name": "nodejs node.js"}, {"cpeName": "nodejs:node.js", "version": "10.16.3", "operator": "lt", "name": "nodejs node.js"}, {"cpeName": "nodejs:node.js", "version": "8.16.1", "operator": "lt", "name": "nodejs node.js"}], "affectedConfiguration": [{"name": "apple mac os x", "cpeName": "apple:mac_os_x", "version": "*", "operator": "eq"}, {"name": "canonical ubuntu linux", "cpeName": "canonical:ubuntu_linux", "version": "*", "operator": "eq"}, {"name": "synology vs960hd", "cpeName": "synology:vs960hd", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apple:swiftnio:1.4.0:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndIncluding": "1.4.0", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.12", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.04", "cpe_name": []}]}], "cpe_match": []}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:traffic_server:8.0.3:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.3", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:traffic_server:7.1.6:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndIncluding": "7.1.6", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:traffic_server:6.2.3:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndIncluding": "6.2.3", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:7.7.2.24:*:*:*:*:*:*:*", "versionStartIncluding": "7.7.2.0", "versionEndExcluding": "7.7.2.24", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:7.8.2.13:*:*:*:*:*:*:*", "versionStartIncluding": "7.8.2.0", "versionEndExcluding": "7.8.2.13", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.0:*:*:*:*:*:*:*", "versionStartIncluding": "8.1.0", "versionEndExcluding": "8.2.0", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:8.8.1:*:*:*:-:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.8.1", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:10.12.0:*:*:*:-:*:*:*", "versionStartIncluding": "10.0.0", "versionEndIncluding": "10.12.0", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:12.8.1:*:*:*:-:*:*:*", "versionStartIncluding": "12.0.0", "versionEndExcluding": "12.8.1", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:10.16.3:*:*:*:lts:*:*:*", "versionStartIncluding": "10.13.0", "versionEndExcluding": "10.16.3", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:nodejs:node.js:8.16.1:*:*:*:lts:*:*:*", "versionStartIncluding": "8.9.0", "versionEndExcluding": "8.16.1", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://kb.cert.org/vuls/id/605641/", "name": "VU#605641", "refsource": "CERT-VN", "tags": ["Third Party Advisory", "US Government Resource"]}, {"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://seclists.org/bugtraq/2019/Aug/24", "name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "refsource": "BUGTRAQ", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/16", "name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "refsource": "FULLDISC", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://support.f5.com/csp/article/K46011592", "name": "https://support.f5.com/csp/article/K46011592", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E", "name": "[trafficserver-users] 20190820 ATS is vulnerable to a HTTP/2 attack with empty frames", "refsource": "MLIST", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E", "name": "[trafficserver-announce] 20190820 ATS is vulnerable to a HTTP/2 attack with empty frames", "refsource": "MLIST", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E", "name": "[trafficserver-dev] 20190820 ATS is vulnerable to a HTTP/2 attack with empty frames", "refsource": "MLIST", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20190823-0005/", "name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", "name": "FEDORA-2019-5a6a7bc12c", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", "name": "FEDORA-2019-6a2980de56", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://www.debian.org/security/2019/dsa-4520", "name": "DSA-4520", "refsource": "DEBIAN", "tags": ["Third Party Advisory"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/18", "name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update", "refsource": "BUGTRAQ", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "name": "openSUSE-SU-2019:2114", "refsource": "SUSE", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "name": "openSUSE-SU-2019:2115", "refsource": "SUSE", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2925", "name": "RHSA-2019:2925", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2939", "name": "RHSA-2019:2939", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2955", "name": "RHSA-2019:2955", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://support.f5.com/csp/article/K46011592?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K46011592?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3892", "name": "RHSA-2019:3892", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:4352", "name": "RHSA-2019:4352", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2020:0727", "name": "RHSA-2020:0727", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16698) Security vulnerability CVE-2019-9518 for Netty", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16698) Security vulnerability CVE-2019-9518 for Netty", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Redhat", "product": "Software_collections"}, {"vendor": "Redhat", "product": "Openshift_service_mesh"}, {"vendor": "Apache", "product": "Traffic_server"}, {"vendor": "Redhat", "product": "Enterprise_linux"}, {"vendor": "Synology", "product": "Skynas"}, {"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Redhat", "product": "Jboss_enterprise_application_platform"}, {"vendor": "Redhat", "product": "Quay"}, {"vendor": "Mcafee", "product": "Web_gateway"}, {"vendor": "Canonical", "product": "Ubuntu_linux"}, {"vendor": "Synology", "product": "Diskstation_manager"}, {"vendor": "Apple", "product": "Swiftnio"}, {"vendor": "Redhat", "product": "Jboss_core_services"}, {"vendor": "Oracle", "product": "Graalvm"}, {"vendor": "Synology", "product": "Vs960hd_firmware"}, {"vendor": "Nodejs", "product": "Node.js"}, {"vendor": "Opensuse", "product": "Leap"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"redhatcve": [{"lastseen": "2023-08-09T20:37:00", "description": "A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-09T10:03:54", "type": "redhatcve", "title": "CVE-2019-9518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2023-08-05T06:20:57", "id": "RH:CVE-2019-9518", "href": "https://access.redhat.com/security/cve/cve-2019-9518", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-07-28T04:45:03", "description": "Some HTTP/2 implementations are vulnerable to a flood of empty frames,\npotentially leading to a denial of service. The attacker sends a stream of\nframes with an empty payload and without the end-of-stream flag. These\nframes can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer\nspends time processing each frame disproportionate to attack bandwidth.\nThis can consume excess CPU.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-13T00:00:00", "type": "ubuntucve", "title": "CVE-2019-9518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2019-08-13T00:00:00", "id": "UB:CVE-2019-9518", "href": "https://ubuntu.com/security/CVE-2019-9518", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2021-06-08T19:05:55", "description": "### Description\n\nMicrosoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition.\n\n### Technologies Affected\n\n * Apple SwiftNIO HTTP/2 1.0.0 \n * Apple SwiftNIO HTTP/2 1.1.0 \n * Apple SwiftNIO HTTP/2 1.2.0 \n * Apple SwiftNIO HTTP/2 1.3.0 \n * Apple SwiftNIO HTTP/2 1.4.0 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n * RFC 7540 HTTP/2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "symantec", "title": "Microsoft Windows 'HTTP.sys' CVE-2019-9518 Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-9518"], "modified": "2019-08-13T00:00:00", "id": "SMNTC-109639", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109639", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-04-18T13:12:42", "description": "nodejs is vulnerable to denial of service. A remote attacker is able to crash the application by flooding the server with empty frames which results in excessive resource consumption.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-01T00:17:28", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2022-08-12T20:31:40", "id": "VERACODE:21594", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21594/summary", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:41", "description": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-13T21:15:00", "type": "alpinelinux", "title": "CVE-2019-9518", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2022-08-12T18:40:00", "id": "ALPINE:CVE-2019-9518", "href": "https://security.alpinelinux.org/vuln/CVE-2019-9518", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-13T18:14:07", "description": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-13T21:15:00", "type": "debiancve", "title": "CVE-2019-9518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2019-08-13T21:15:00", "id": "DEBIANCVE:CVE-2019-9518", "href": "https://security-tracker.debian.org/tracker/CVE-2019-9518", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "mscve": [{"lastseen": "2023-08-08T19:04:53", "description": "A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.\n\nTo exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive.\n\nThe update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-13T07:00:00", "type": "mscve", "title": "HTTP/2 Server Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9518"], "modified": "2019-08-13T07:00:00", "id": "MS:CVE-2019-9518", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-9518", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T20:43:43", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9518. Reason: This candidate is a reservation duplicate of CVE-2019-9518. Notes: All CVE users should reference CVE-2019-9518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2019-08-13T18:15:00", "type": "cve", "title": "CVE-2019-14992", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2019-14992", "CVE-2019-9518"], "modified": "2019-08-13T18:15:00", "cpe": [], "id": "CVE-2019-14992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14992", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "nessus": [{"lastseen": "2023-05-24T14:28:41", "description": "Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.\n\nThe fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.", "cvss3": {}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:trafficserver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4520.NASL", "href": "https://www.tenable.com/plugins/nessus/128621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4520. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128621);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9518\");\n script_xref(name:\"DSA\", value:\"4520\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were discovered in the HTTP/2 code of Apache\nTraffic Server, a reverse and forward proxy server, which could result\nin denial of service.\n\nThe fixes are too intrusive to backport to the version in the\noldstable distribution (stretch). An upgrade to Debian stable (buster)\nis recommended instead.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/trafficserver\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20613153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/trafficserver\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4520\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the trafficserver packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 8.0.2+ds-1+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:trafficserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver-dev\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"trafficserver-experimental-plugins\", reference:\"8.0.2+ds-1+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:00", "description": "According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to < 9.4.21. It is, therefore, affected by multiple vulnerabilities:\n\n - Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. (CVE-2019-9518)\n\n - Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. (CVE-2019-9516)\n\n - Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. (CVE-2019-9515)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. (CVE-2019-9514)\n\n - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. (CVE-2019-9512)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. (CVE-2019-9511)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Jetty < 9.4.21 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9518"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113005", "href": "https://www.tenable.com/plugins/was/113005", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:18", "description": "Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nodejs", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-6A2980DE56.NASL", "href": "https://www.tenable.com/plugins/nessus/128133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6a2980de56.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128133);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"FEDORA\", value:\"2019-6a2980de56\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a2980de56\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 1:nodejs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"nodejs-10.16.3-1.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nodejs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:55", "description": "Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nodejs", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-5A6A7BC12C.NASL", "href": "https://www.tenable.com/plugins/nessus/128131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-5a6a7bc12c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128131);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9516\", \"CVE-2019-9517\", \"CVE-2019-9518\");\n script_xref(name:\"FEDORA\", value:\"2019-5a6a7bc12c\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Node.js 10.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5a6a7bc12c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:nodejs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"nodejs-10.16.3-1.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nodejs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:41", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs10", "p-cpe:/a:novell:opensuse:nodejs10-debuginfo", "p-cpe:/a:novell:opensuse:nodejs10-debugsource", "p-cpe:/a:novell:opensuse:nodejs10-devel", "p-cpe:/a:novell:opensuse:npm10", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2114.NASL", "href": "https://www.tenable.com/plugins/nessus/128668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2114.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are\n vulnerable to window size manipulation and stream\n prioritization manipulation, potentially leading to a\n denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames\n results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is\n vulnerable to resource loops, potentially leading to a\n denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is\n vulnerable to a reset flood, potentially leading to a\n denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames\n results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is\n vulnerable to a header leak, potentially leading to a\n denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are\n vulnerable to unconstrained interal data buffering\n (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is\n vulnerable to a flood of empty frames, potentially\n leading to a denial of service (bsc#1146093).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-debuginfo-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-debugsource-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs10-devel-10.16.3-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"npm10-10.16.3-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10 / nodejs10-debuginfo / nodejs10-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:50", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs10-debugsource", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2259-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2259-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128467);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192259-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d1ab3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2259=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2259=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:57", "description": "This update for nodejs10 to version 10.16.3 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs10-debugsource", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2254-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2254-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128411);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs10 to version 10.16.3 fixes the following \nissues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8330484\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-2254=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-debuginfo-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-debugsource-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs10-devel-10.16.3-1.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm10-10.16.3-1.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs10\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:03", "description": "Node.js reports :\n\nNode.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/t hird-party/2019-002.md for more information.\n\nUpdates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x (which had been delayed).\n\nWe recommend that all Node.js users upgrade to a version listed below as soon as possible. Vulnerabilities Fixed Impact: All versions of Node.js 8 (LTS 'Carbon'), Node.js 10 (LTS 'Dubnium'), and Node.js 12 (Current) are vulnerable to the following :\n\n- CVE-2019-9511 'Data Dribble': The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9513 'Resource Loop': The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.\n\n- CVE-2019-9516 '0-Length Headers Leak': The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.\n\n- CVE-2019-9517 'Internal Data Buffering': The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.\n\n- CVE-2019-9518 'Empty Frames Flood': The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google)", "cvss3": {}, "published": "2019-08-21T00:00:00", "type": "nessus", "title": "FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node", "p-cpe:/a:freebsd:freebsd:node10", "p-cpe:/a:freebsd:freebsd:node8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL", "href": "https://www.tenable.com/plugins/nessus/128043", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128043);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\", \"CVE-2019-9515\", \"CVE-2019-9516\", \"CVE-2019-9517\", \"CVE-2019-9518\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Node.js reports :\n\nNode.js, as well as many other implementations of HTTP/2, have been\nfound vulnerable to Denial of Service attacks. See\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/t\nhird-party/2019-002.md for more information.\n\nUpdates are now available for all active Node.js release lines,\nincluding Linux ARMv6 builds for Node.js 8.x (which had been delayed).\n\nWe recommend that all Node.js users upgrade to a version listed below\nas soon as possible. Vulnerabilities Fixed Impact: All versions of\nNode.js 8 (LTS 'Carbon'), Node.js 10 (LTS 'Dubnium'), and Node.js 12\n(Current) are vulnerable to the following :\n\n- CVE-2019-9511 'Data Dribble': The attacker requests a large amount\nof data from a specified resource over multiple streams. They\nmanipulate window size and stream priority to force the server to\nqueue the data in 1-byte chunks. Depending on how efficiently this\ndata is queued, this can consume excess CPU, memory, or both,\npotentially leading to a denial of service.\n\n- CVE-2019-9512 'Ping Flood': The attacker sends continual pings to an\nHTTP/2 peer, causing the peer to build an internal queue of responses.\nDepending on how efficiently this data is queued, this can consume\nexcess CPU, memory, or both, potentially leading to a denial of\nservice.\n\n- CVE-2019-9513 'Resource Loop': The attacker creates multiple request\nstreams and continually shuffles the priority of the streams in a way\nthat causes substantial churn to the priority tree. This can consume\nexcess CPU, potentially leading to a denial of service.\n\n- CVE-2019-9514 'Reset Flood': The attacker opens a number of streams\nand sends an invalid request over each stream that should solicit a\nstream of RST_STREAM frames from the peer. Depending on how the peer\nqueues the RST_STREAM frames, this can consume excess memory, CPU, or\nboth, potentially leading to a denial of service.\n\n- CVE-2019-9515 'Settings Flood': The attacker sends a stream of\nSETTINGS frames to the peer. Since the RFC requires that the peer\nreply with one acknowledgement per SETTINGS frame, an empty SETTINGS\nframe is almost equivalent in behavior to a ping. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\n\n- CVE-2019-9516 '0-Length Headers Leak': The attacker sends a stream\nof headers with a 0-length header name and 0-length header value,\noptionally Huffman encoded into 1-byte or greater headers. Some\nimplementations allocate memory for these headers and keep the\nallocation alive until the session dies. This can consume excess\nmemory, potentially leading to a denial of service.\n\n- CVE-2019-9517 'Internal Data Buffering': The attacker opens the\nHTTP/2 window so the peer can send without constraint; however, they\nleave the TCP window closed so the peer cannot actually write (many\nof) the bytes on the wire. The attacker then sends a stream of\nrequests for a large response object. Depending on how the servers\nqueue the responses, this can consume excess memory, CPU, or both,\npotentially leading to a denial of service.\n\n- CVE-2019-9518 'Empty Frames Flood': The attacker sends a stream of\nframes with an empty payload and without the end-of-stream flag. These\nframes can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The\npeer spends time processing each frame disproportionate to attack\nbandwidth. This can consume excess CPU, potentially leading to a\ndenial of service. (Discovered by Piotr Sikora of Google)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/\"\n );\n # https://vuxml.freebsd.org/freebsd/c97a940b-c392-11e9-bb38-000d3ab229d6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27301aed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node<12.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node10<10.16.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node8<8.16.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:34", "description": "An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "nessus", "title": "RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nodejs", "p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource", "p-cpe:/a:redhat:enterprise_linux:nodejs-devel", "p-cpe:/a:redhat:enterprise_linux:nodejs-docs", "p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon", "p-cpe:/a:redhat:enterprise_linux:nodejs-packaging", "p-cpe:/a:redhat:enterprise_linux:npm", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/129480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2925. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129480);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for the nodejs:10 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9518\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9511\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nappstreams = {\n 'nodejs:10': [\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda', 'release':'8', 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'},\n {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'s390x', 'release':'8', 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}\n ],\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:35", "description": "This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes: Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs8", "p-cpe:/a:novell:suse_linux:nodejs8-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs8-debugsource", "p-cpe:/a:novell:suse_linux:nodejs8-devel", "p-cpe:/a:novell:suse_linux:npm8", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2260-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128468);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\nwindow size manipulation and stream prioritization manipulation,\npotentially leading to a denial of service (bsc#1146091).\n\nCVE-2019-9512: Fixed HTTP/2 flood using PING frames results in\nunbounded memory growth (bsc#1146099).\n\nCVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\nresource loops, potentially leading to a denial of service.\n(bsc#1146094).\n\nCVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a\nreset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in\nunbounded memory growth (bsc#1146100).\n\nCVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a\nheader leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a\nflood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nBug fixes: Fixed that npm resolves its default config file like in all\nother versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144919\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4c77b67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2260=1\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-15-2019-2260=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-debuginfo-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-debugsource-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nodejs8-devel-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"npm8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debuginfo-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debugsource-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-devel-8.16.1-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"npm8-8.16.1-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:43", "description": "This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes :\n\n - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs8", "p-cpe:/a:novell:opensuse:nodejs8-debuginfo", "p-cpe:/a:novell:opensuse:nodejs8-debugsource", "p-cpe:/a:novell:opensuse:nodejs8-devel", "p-cpe:/a:novell:opensuse:npm8", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2115.NASL", "href": "https://www.tenable.com/plugins/nessus/128669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128669);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs8 to version 8.16.1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are\n vulnerable to window size manipulation and stream\n prioritization manipulation, potentially leading to a\n denial of service (bsc#1146091).\n\n - CVE-2019-9512: Fixed HTTP/2 flood using PING frames\n results in unbounded memory growth (bsc#1146099).\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is\n vulnerable to resource loops, potentially leading to a\n denial of service. (bsc#1146094).\n\n - CVE-2019-9514: Fixed HTTP/2 implementation that is\n vulnerable to a reset flood, potentially leading to a\n denial of service (bsc#1146095).\n\n - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames\n results in unbounded memory growth (bsc#1146100).\n\n - CVE-2019-9516: Fixed HTTP/2 implementation that is\n vulnerable to a header leak, potentially leading to a\n denial of service (bsc#1146090).\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are\n vulnerable to unconstrained interal data buffering\n (bsc#1146097).\n\n - CVE-2019-9518: Fixed HTTP/2 implementation that is\n vulnerable to a flood of empty frames, potentially\n leading to a denial of service (bsc#1146093).\n\nBug fixes :\n\n - Fixed that npm resolves its default config file like in\n all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144919\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs8 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-debuginfo-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-debugsource-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nodejs8-devel-8.16.1-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"npm8-8.16.1-lp151.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8 / nodejs8-debuginfo / nodejs8-debugsource / nodejs8-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:06", "description": "The version of Junos OS installed on the remote host is affected by multiple denial of service vulnerabilities as referenced in the JSA11167 advisory:\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams.\n They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9511) \n - Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. (CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA11167.NASL", "href": "https://www.tenable.com/plugins/nessus/149967", "sourceData": "#TRUSTED 189bd305cb7288793968d490b5b226d84de7ddc98a015d59d27403edc4e5a23a808bc88751b4971810c3e3a3f40898bbb7fcb02fe672735a3191ec1a3422f581e86ae70c17e1e1a2eae2b6f5982bd09257abdd445902f3805004769c541ee37b6497d730bc49a1431d9447eb36cf967434aef704301f7edcc02e55128dd9f2faa89f83b53d4a525104d5705d296db525505fa6ea2b7f2fe0ff314d5c154a32fb49dd591a7c48bf51e9b8f3931512dcf4d118006a2bfe4399bd0f6f42d1d574862bb489852471ac5fe1ea865cc8fc170de596125e5ced45c6e85370c25b5fe6d5c7bd0aa067ea3603eb6d6c631ddd45ac449f8dd85ef724872f5f89536195714d2edf02f82d2e875aaff0a4f2ed0aff71788cfa77bb5adf0d8983bb36b6e378cdd64cce58e7837342ac53aaea4cd9e7d1b901f40b5fbd13e67d305bca39c1262dd97f7cca61427c0fe1561d8905f6d041502e8c3b653d128344a27c67878ce9a9bc85c8c08c2a1c11ed7d6ae36e9cf268f703a4d72ed6307bcb21c044cc65c6093d171ccceb3db278fae6905898ab318cb86f2cdfce00a10459e8a4b712148c63fea029c326497e7fa6e9d2431b885e65dbfaca1527b3882568d0d576a9f609342a36a6ac842917e0f9f859e283e1e91e4e8a1601275be7faf2822af7ff3eebbd2fa90b35a4f63eac264ec54684784b2e82520f2d376e7fe0f9cfaaa41ef60434\n#TRUST-RSA-SHA256 418d314a001dd9b2ceac85dc1f34c5932c8235cd1ae8dae62b1b60d349f704709aacb78c1d428828a750fd2e48c4d40bdb3b36b528496a7f92d8596fd9e2a4edb65e4b108ad1a74b4bba4e6544a716ad0593488655718b4b3f698805cb9f4e2e49d50bb50507a8a571d883921ed6490322815ccef1f4dc632bcdf68290222b1efab47f578b3b4fa50adae88790de0878e7588c404d2390cc2362cbae23184a0a61f31c7bbbcf8be91ca848e1aebe8d41d77fabc90cfd5ce909d29f79d7d226fbf84a02f99c8408afa5afcd1f3484f34b8762a90d669b07c260352081757ebd45493b95a56b2634df64013b5c28f17b658b8ea3ca8ac141f0c712aa09a568ba79c2f8723ac8dafb3d509f7c96f354ce83c3ad220a599ac3896b1aff20f6c40846ad1eefe649a91760226ec465720438caf46420e4629cf48e9da6876adf54f8c052ef1e8d3cf178a557a49bbaba7e1fbf71ded965b0d5141b524120c4cac8412965eabb2035ef5a08f6d3219301fae03630ba2c1fae024f8dd1d2b41ec83806223c8573458269b533f5e45159560182e0146adb28b1292feae475171f648d7182cb511778f26004aedd3aa6e3203692884cf6c07ce1d5addcbd6a5932d54668b7b539c737f29790a8e778352e6c162fdc95dc7589e68d318513b6815496d7733f0ce1a438354875f9849f9e9016c4d1b2c5b7a40043e72c8fe590a6de921ff2a0\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149967);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"JSA\", value:\"JSA11167\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Junos OS installed on the remote host is affected by multiple denial of service vulnerabilities as referenced\nin the JSA11167 advisory:\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially\n leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams.\n They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how\n efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9511)\n \n - Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker\n creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn\n to the priority tree. This can consume excess CPU. (CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens\n a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the\n peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/JSA11167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper advisory JSA11167\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9513\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude('junos.inc');\ninclude('junos_kb_cmd_func.inc');\n\nvar ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nvar vuln_ranges = [\n {'min_ver':'16.1R3', 'fixed_ver':'18.3R2-S4'},\n {'min_ver':'18.3R3', 'fixed_ver':'18.3R3-S3'},\n {'min_ver':'18.4', 'fixed_ver':'18.4R1-S8'},\n {'min_ver':'18.4R2', 'fixed_ver':'18.4R2-S5'},\n {'min_ver':'18.4R3', 'fixed_ver':'18.4R3-S4'},\n {'min_ver':'19.1', 'fixed_ver':'19.1R1-S6'},\n {'min_ver':'19.1R2', 'fixed_ver':'19.1R2-S2'},\n {'min_ver':'19.1R3', 'fixed_ver':'19.1R3-S2'},\n {'min_ver':'19.2', 'fixed_ver':'19.2R1-S5', 'fixed_display':'19.2R1-S5, 19.2R2'}\n];\n\nvar fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);\nif (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);\n\nvar override = TRUE;\nvar buf = junos_command_kb_item(cmd:'show configuration | display set');\nif (buf)\n{\n override = FALSE;\n if (!preg(string:buf, pattern:\"^set system services extension-service request-response grpc\", multiline:TRUE))\n audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');\n}\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:51", "description": "From Red Hat Security Advisory 2019:2925 :\n\nAn update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nodejs", "p-cpe:/a:oracle:linux:nodejs-devel", "p-cpe:/a:oracle:linux:nodejs-docs", "p-cpe:/a:oracle:linux:nodejs-nodemon", "p-cpe:/a:oracle:linux:nodejs-packaging", "p-cpe:/a:oracle:linux:npm", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/129514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2925 and \n# Oracle Linux Security Advisory ELSA-2019-2925 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129514);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2019:2925 :\n\nAn update for the nodejs:10 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNode.js is a software development platform for building fast and\nscalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3).\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2019-October/009211.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs:10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-devel-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-docs-10.14.1-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-nodemon-1.18.3-1.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nodejs-packaging-17-3.module+el8.0.0+5349+4d6b561f\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"npm-6.4.1-1.10.14.1.1.module+el8.0.0+5349+4d6b561f\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs / nodejs-devel / nodejs-docs / nodejs-nodemon / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:50", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2925 advisory.\n\n - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass (CVE-2019-5737)\n\n - HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n - HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n - HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n - HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n - HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : nodejs:10 (CESA-2019:2925)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5737", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:nodejs", "p-cpe:/a:centos:centos:nodejs-devel", "p-cpe:/a:centos:centos:nodejs-docs", "p-cpe:/a:centos:centos:npm"], "id": "CENTOS8_RHSA-2019-2925.NASL", "href": "https://www.tenable.com/plugins/nessus/145589", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:2925. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145589);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2019-5737\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2925\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"CentOS 8 : nodejs:10 (CESA-2019:2925)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2925 advisory.\n\n - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass (CVE-2019-5737)\n\n - HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n - HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n - HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n - HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n - HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)\n\n - HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n - HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n - HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2925\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9518\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:npm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nvar appstreams = {\n 'nodejs:10': [\n {'reference':'nodejs-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-devel-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-docs-10.16.3-2.module_el8.0.0+186+542b25fc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.9.0-1.10.16.3.2.module_el8.0.0+186+542b25fc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.9.0-1.10.16.3.2.module_el8.0.0+186+542b25fc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / npm');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:45", "description": "This update for nodejs12 fixes the following issues :\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).\n\nCVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).\n\nCVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).\n\nCVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n\nCVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).\n\nCVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n\nCVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nCVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13173", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs12-debugsource", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132767);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-13173\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9515\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nodejs12 fixes the following issues :\n\nUpdate to LTS release 12.13.0 (jsc#SLE-8947).\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to\nwindow size manipulations (bsc#1146091).\n\nCVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to\nfloods using PING frames (bsc#1146099).\n\nCVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to\nresource loops, potentially leading to a denial of service\n(bsc#1146094).\n\nCVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to\na reset flood, potentially leading to a denial of service\n(bsc#1146095).\n\nCVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to\na SETTINGS frame flood (bsc#1146100).\n\nCVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to\na header leak, potentially leading to a denial of service\n(bsc#1146090).\n\nCVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to\nunconstrained interal data buffering (bsc#1146097).\n\nCVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to\na flood of empty frames, potentially leading to a denial of service\n(bsc#1146093).\n\nCVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter()\nfunction (bsc#1140290).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13173/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9512/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9514/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9515/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9518/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cadca2ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2020-59=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13173\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debuginfo-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-debugsource-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs12-devel-12.13.0-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm12-12.13.0-1.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs12\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:13", "description": "The remote Windows host is missing security update 4512497.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1139, CVE-2019-1140, CVE-2019-1197)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512497: Windows 10 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1172", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512497.NASL", "href": "https://www.tenable.com/plugins/nessus/127844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127844);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512497\");\n script_xref(name:\"MSFT\", value:\"MS19-4512497\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512497: Windows 10 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512497.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1197)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512497/windows-10-update-kb4512497\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44d01258\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512497.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512497');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512497])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:01", "description": "The remote Windows host is missing security update 4512517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1197)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1172", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1206", "CVE-2019-1212", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512517.NASL", "href": "https://www.tenable.com/plugins/nessus/127850", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127850);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1206\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512517\");\n script_xref(name:\"MSFT\", value:\"MS19-4512517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1197)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512517/windows-10-update-kb4512517\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a3721c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512517.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512517');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512517])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:06", "description": "The remote Windows host is missing security update 4512507.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512507: Windows 10 Version 1703 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512507.NASL", "href": "https://www.tenable.com/plugins/nessus/127847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127847);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512507\");\n script_xref(name:\"MSFT\", value:\"MS19-4512507\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512507: Windows 10 Version 1703 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512507.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512507/windows-10-update-kb4512507\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?88ec0338\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512507.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512507');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512507])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:19", "description": "The remote Windows host is missing security update 4512516.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1175)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512516: Windows 10 Version 1709 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1212", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512516.NASL", "href": "https://www.tenable.com/plugins/nessus/127849", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127849);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512516\");\n script_xref(name:\"MSFT\", value:\"MS19-4512516\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512516: Windows 10 Version 1709 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512516.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\");\n # https://support.microsoft.com/en-us/help/4512516/windows-10-update-kb4512516\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7cadca2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512516.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512516');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512516])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:02", "description": "The remote Windows host is missing security update 4512501.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1227)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1173)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718, CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512501: Windows 10 Version 1803 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1173", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1184", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1212", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1227", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512501.NASL", "href": "https://www.tenable.com/plugins/nessus/127845", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127845);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1173\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1184\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1212\",\n \"CVE-2019-1222\",\n \"CVE-2019-1223\",\n \"CVE-2019-1224\",\n \"CVE-2019-1225\",\n \"CVE-2019-1226\",\n \"CVE-2019-1227\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512501\");\n script_xref(name:\"MSFT\", value:\"MS19-4512501\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512501: Windows 10 Version 1803 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512501.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the\n Windows RDP server improperly discloses the contents of\n its memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1227)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182,\n CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists in the\n way that the PsmServiceExtHost.dll handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1173)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when\n Windows Core Shell COM Server Registrar improperly\n handles COM calls. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\");\n # https://support.microsoft.com/en-us/help/4512501/august-13-2019-kb4512501-os-build-17134-942\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39c6baa6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512501.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512501');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512501])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:58", "description": "The remote Windows host is missing security update 4512508.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1190)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.\n (CVE-2019-1170)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1227)\n\n - An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1173, CVE-2019-1174)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1185)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4512508: Windows 10 Version 1903 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0717", "CVE-2019-0718", "CVE-2019-0723", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1141", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1170", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1173", "CVE-2019-1174", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1184", "CVE-2019-1185", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1190", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1212", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1227", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512508.NASL", "href": "https://www.tenable.com/plugins/nessus/127848", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127848);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0717\",\n \"CVE-2019-0718\",\n \"CVE-2019-0723\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1141\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1170\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1173\",\n \"CVE-2019-1174\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1184\",\n \"CVE-2019-1185\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1190\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1212\",\n \"CVE-2019-1222\",\n \"CVE-2019-1223\",\n \"CVE-2019-1224\",\n \"CVE-2019-1225\",\n \"CVE-2019-1226\",\n \"CVE-2019-1227\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512508\");\n script_xref(name:\"MSFT\", value:\"MS19-4512508\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4512508: Windows 10 Version 1903 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512508.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1190)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the\n Windows RDP server improperly discloses the contents of\n its memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - An elevation of privilege vulnerability exists when\n reparse points are created by sandboxed processes\n allowing sandbox escape. An attacker who successfully\n exploited the vulnerability could use the sandbox escape\n to elevate privileges on an affected system.\n (CVE-2019-1170)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1227)\n\n - An elevation of privilege vulnerability exists in the\n way that the PsmServiceExtHost.dll handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1173, CVE-2019-1174)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0717,\n CVE-2019-0718, CVE-2019-0723)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182,\n CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists due to a\n stack corruption in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1185)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when\n Windows Core Shell COM Server Registrar improperly\n handles COM calls. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,\n CVE-2019-1196, CVE-2019-1197)\");\n # https://support.microsoft.com/en-us/help/4512508/windows-10-update-kb4512508\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26a6c137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512508.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512508');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512508])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:03", "description": "The remote Windows host is missing security update 4511553.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1190)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.\n (CVE-2019-1170)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as &quot;Bluetooth Classic&quot;) key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1227)\n\n - An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1173, CVE-2019-1174)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory. (CVE-2019-1078)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0723)\n\n - An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0720)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)", "cvss3": {}, "published": "2019-08-13T00:00:00", "type": "nessus", "title": "KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0717", "CVE-2019-0718", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1141", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1170", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1173", "CVE-2019-1174", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1184", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1190", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1206", "CVE-2019-1212", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1227", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "modified": "2023-02-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4511553.NASL", "href": "https://www.tenable.com/plugins/nessus/127841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127841);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0717\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1141\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1170\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1173\",\n \"CVE-2019-1174\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1184\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1190\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1206\",\n \"CVE-2019-1212\",\n \"CVE-2019-1222\",\n \"CVE-2019-1223\",\n \"CVE-2019-1224\",\n \"CVE-2019-1225\",\n \"CVE-2019-1226\",\n \"CVE-2019-1227\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4511553\");\n script_xref(name:\"MSFT\", value:\"MS19-4511553\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4511553.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows kernel image handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1190)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the\n Windows RDP server improperly discloses the contents of\n its memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - An elevation of privilege vulnerability exists when\n reparse points are created by sandboxed processes\n allowing sandbox escape. An attacker who successfully\n exploited the vulnerability could use the sandbox escape\n to elevate privileges on an affected system.\n (CVE-2019-1170)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as &quot;Bluetooth Classic&quot;) key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1227)\n\n - An elevation of privilege vulnerability exists in the\n way that the PsmServiceExtHost.dll handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1173, CVE-2019-1174)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0717,\n CVE-2019-0718, CVE-2019-0723)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182,\n CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when\n Windows Core Shell COM Server Registrar improperly\n handles COM calls. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,\n CVE-2019-1196, CVE-2019-1197)\");\n # https://support.microsoft.com/en-us/help/4511553/windows-10-update-kb4511553\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcb0045c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4511553.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4511553');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4511553])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-27T17:46:49", "description": "## Summary\n\nVulnerabilities in Netty used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed the CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netcool Agile Service Manager| 1.1 \n| \n \n\n\n## Remediation/Fixes\n\nUpdate to IBM Netcool Agile Service Manager 1.1.7 which will be available on 20 March 2020. \n\nTo install Netcool\u00ae Agile Service Manager Version 1.1.7, you download the installation images from IBM\u00ae Passport Advantage\u00ae. You then follow standard installation procedures, whether you install a new instance of Agile Service Manager, or upgrade an existing version.\n\n# [Download Netcool Agile Service Manager v1.1.7 (updated 31 January 2020)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043717>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-31T22:16:20", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2020-03-31T22:16:20", "id": "9637EBA6484BD28F500A4FB042427C33540202FCFEE1C248C5FC5C788BB997D1", "href": "https://www.ibm.com/support/pages/node/6147975", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:44:00", "description": "## Summary\n\nNetty is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Netty within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nApply 1.3.6 Interim Fix 2 or later \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&amp;release=1.3.6](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-28T17:05:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in netty affect IBM Operations Analytics Predictive Insights (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2020-02-28T17:05:23", "id": "2EA2C9FAC993C6AEC32EA8F89FBD4374B89508FE14BFE1942351C36F204DE9B5", "href": "https://www.ibm.com/support/pages/node/5277639", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:08:47", "description": "## Summary\n\nNetty denial of service vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.3.0 - 5.3.3 \n \n\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable. \n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control.\n\n**Release**| \n\n**First Fixing **\n\n**VRM Level**\n\n| **Link to Fix \n** \n---|---|--- \n5.3| 5.3.4| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n \n\n\n**Note:** It is always recommended to have a current backup before applying any update procedure. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-22T20:10:14", "type": "ibm", "title": "Security Bulletin: Netty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2022-02-22T20:10:14", "id": "8507B058C81047318472EE4CA22600AD2B6A70184CB90B2496F848C8119E7F48", "href": "https://www.ibm.com/support/pages/node/1172470", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:53", "description": "## Summary\n\nThere are vulnerabilities in Netty used by IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nTransparent Cloud Tiering 1.1.1.0 thru 1.1.3.10 \nTransparent Cloud Tiering 1.1.5.0 thru 1.1.7.2\n\n## Remediation/Fixes\n\nFor Transparent Cloud Tiering 1.1.1.0 thru 1.1.3.10 , apply Transparent Cloud Tiering 1.1.3.11 bundled with IBM Spectrum Scale V4.2.3.19 available from FixCentral at: \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=4.2.3&amp;platform=All&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.3&platform=All&function=all>)\n\nFor Transparent Cloud Tiering 1.1.5.0 thru 1.1.7.2, apply Transparent Cloud Tiering 1.1.7.3 bundled with IBM Spectrum Scale V5.0.4.1 available from FixCentral at:\n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=5.0.4&amp;platform=All&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.3&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-08T05:54:30", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Netty affect IBM Transparent Cloud Tiering", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2020-01-08T05:54:30", "id": "EDBCE2D5797575D019533793BC0DBD438D1B65A6557C755729CCDB2B49BEFFB5", "href": "https://www.ibm.com/support/pages/node/1109781", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:48:30", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Netty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-16869](<https://vulners.com/cve/CVE-2019-16869>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167672>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nICP - Discovery| 2.0.0-2.1.4 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 2.2.0 \n \n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-09T04:40:37", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16869", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2020-12-09T04:40:37", "id": "582F96446333EB82A24A0C13191C208F7E940B6AE34B504E8FD5A296160793B6", "href": "https://www.ibm.com/support/pages/node/6364965", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:03", "description": "## Summary\n\nSeveral issues were reported against the HTTP/2 implementation used by IBM WebSphere Application Server Liberty Profile which is used to host the IBM MQ Console and REST API.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ Appliance | 8.0 \nIBM MQ and IBM MQ Appliance | 9.1 LTS \nIBM MQ and IBM MQ Appliance | 9.1 CD \n \n## Remediation/Fixes\n\n**IBM MQ Appliance V8** \nApply [FixPack 8.0.0.14](<https://www.ibm.com/support/pages/node/1282120>) \n \n**IBM MQ and IBM MQ Appliance V9.1 LTS** \nApply [FixPack 9.1.0.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-9104>) \n \n**IBM MQ and IBM MQ Appliance V9.1 CD** \nUpgrade to [IBM MQ 9.1.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-version-914-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-28T12:25:31", "type": "ibm", "title": "Security Bulletin: IBM MQ Console and REST API are vulnerable to multiple Denial of service attacks within HTTP/2 (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9514, CVE-2019-9512, CVE-2019-9513)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-02-28T12:25:31", "id": "9A96669F651314B055987343933B2F58BB66C71D7B13E3E61735C74B9F85DCFD", "href": "https://www.ibm.com/support/pages/node/1106055", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:42:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager (TADDM)\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0.5 - 7.3.0.7 \n \n## Remediation/Fixes\n\nIn order to fix this vulnerability, Liberty was upgraded from 8.5.5.8 to 20.0.0.1. This upgrade is now available as part of TADDM 7.3.0.7 (TIV-ITADDM-FP0007) release.\n\nFor download of the FixPack, please refer the below FixCentral Link : \n\nDownload Link : [FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=7.3-TIV-ITADDM-FP0007&source=SAR> \"FixCentral\" )\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nefix_WLP_PSIRT_20001_FP5180802.zip | 7.3.0.5 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=VfcOQ8sCje6SJgjgz0F4lrr5GpDAaeM315TgIPim1iI>) \nefix_WLP_PSIRT_20001_FP6190313.zip | 7.3.0.6 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=QOSpQ0GKgpygaBeViFDKCQ2pltAUCGt2pQH7HYlhcVk>) \n \n**_Note:_**\n\n * Before TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 20.0.0.1 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5\n\n * There are 4 Security Bulletins of WAS Liberty, which provide the same efix for remediation as they all require an upgrade to WAS Liberty 20.0.0.1. An efix of any of these bulletins can be applied. The bulletins for reference are as follows: \n * [Security Bulletin: Bypass security restrictions in WAS Liberty](<https://www.ibm.com/support/pages/node/5693193>)\n * [Security Bulletin: Cookie created without secure flag WAS Liberty](<https://www.ibm.com/support/pages/node/5693217>)\n * [Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities](<https://www.ibm.com/support/pages/node/5691194>)\n * [Security Bulletin: Stack is displayed in WebSphere Application Server](<https://www.ibm.com/support/pages/node/5693223>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T17:31:17", "type": "ibm", "title": "Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-05-22T17:31:17", "id": "B3F4AA1A1992E6D3190AE7943B4F2C3504BE89943C73FA50CD108D6F916DEA0B", "href": "https://www.ibm.com/support/pages/node/5691194", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Liberty that affect IBM WIoTP MessageGateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WIoTP MessageGateway| 5.0.0.1 \nIBM IoT MessageSight| 5.0.0.0 \nIBM IoT MessageSight| 2.0 \n \n\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT31139_\n\n| [_5.0.0.2-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142656>) \n_IBM MessageSight_| \n\n_5.0.0.0_\n\n| \n\n_IT31139_\n\n| [_5.0.0.0-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142680>) \n_IBM MessageSight_| \n\n_2.0.0.2_\n\n| \n\n_IT31139_\n\n| [_2.0.0.2-IBM-IMA-IFIT31139_](<https://www.ibm.com/support/pages/node/1142686>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-03T21:21:12", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Liberty affect IBM WIoTP MessageGateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-03T21:21:12", "id": "413EFD2051B06CEFCDFB6A85E56D412853059B72C27BDAC4B5D06E384C0A787D", "href": "https://www.ibm.com/support/pages/node/1167898", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:43:35", "description": "## Summary\n\nThere are multiple vulnerabilities in the WebSphere Application Server Liberty HTTP/2 implementation that is used by Watson Knowledge Catalog for IBM Cloud Pak for Data. This affects various Watson Knowledge Catalog services. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Knowledge Catalog for IBM Cloud Pak for Data| 2.5 \n \n\n\n## Remediation/Fixes\n\nInstall wkc-patch-3.0.0.3 for IBM Cloud Pak for Data. \n\nContact IBM support for more details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-11T15:28:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-11T15:28:43", "id": "0AF0D1ABD7511641350D2C0A10AF6B5BB4A0ABFC6C05902B5F1C5E07C1566C95", "href": "https://www.ibm.com/support/pages/node/5695545", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:00", "description": "## Summary\n\nMultiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM PowerAI Vision | 1.1.3 \nIBM PowerAI Vision | 1.1.4 \n \n## Remediation/Fixes\n\nnginx has been upgraded in PowerAI Vision 1.1.5 to a level that addresses this vulnerability.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-08T18:55:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-08T18:55:26", "id": "3C024BED98983358FC2A70F4FA5AF823CC21E61763DB444AC2404D2ECDECB070", "href": "https://www.ibm.com/support/pages/node/1168540", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:46:29", "description": "## Summary\n\nAsset Analyzer (RAA) has addressed the following Websphere Application Server vulnerabilities. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAsset Analyzer (RAA)| 6.0.0.0 - 6.0.0.22 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation / First Fix \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.23| None| [RAA 6.1.0.23](<https://www.ibm.com/support/pages/fix-list-rational-asset-analyzer>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T17:16:54", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer is affected by a WebSphere Application Server vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-31T17:16:54", "id": "BAA73579218EAF992EC9ED8D793E7E82890C87BD059F752A5C63A36CAA54386B", "href": "https://www.ibm.com/support/pages/node/1288210", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:58", "description": "## Summary\n\nIBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.0 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.0\n * IBM Cloud Private 3.2.1\n\nFor IBM Cloud Private 3.2.0, apply November fix pack:\n\n * [IBM Cloud Private 3.2.0.1911 fix pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.0.1911-build537047-33559&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.0.1911 fix pack\" )\n\nFor IBM Cloud Private 3.2.1, apply November fix pack:\n\n * [IBM Cloud Private 3.2.1.1911 fix pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.1.1911-build537046-33560&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere> \"IBM Cloud Private 3.2.1.1911 fix pack\" )\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2: \n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-30T16:21:57", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to IBM WebSphere Application Server Liberty vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-12-30T16:21:57", "id": "89B069E991BD00EAC14F399834EE2BC60C62E828E55A6A24AFFA5A3369CC3023", "href": "https://www.ibm.com/support/pages/node/1165852", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:46:28", "description": "## Summary\n\nRational Asset Analyzer (RAA) has addressed the following WebSphere Application Server vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAsset Analyzer (RAA)| 6.0.0.0 - 6.0.0.22 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation / First Fix \n---|---|---|--- \nRational Asset Analyzer| 6.1.0.23| None| [RAA 6.1.0.23](<https://www.ibm.com/support/pages/fix-list-rational-asset-analyzer>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-31T17:21:24", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer (RAA) is affected by several WebSphere Application Server vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-31T17:21:24", "id": "17167E9B7772FCC3C13341661C717A788FBA9411691E4C6CEEBFD6C6E3A96690", "href": "https://www.ibm.com/support/pages/node/1288228", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:44:32", "description": "## Summary\n\nIBM Worklight/MobileFoundation has addressed the following vulnerability. WebSphere Liberty susceptible to HTTP2 implementation vulnerablility.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MobileFirst Platform Foundation | 7.1.0.0 - using the scripts (BYOL) \nIBM MobileFirst Foundation | 8.0.0.0 - ICP, IKS or using the scripts (BYOL) \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nIBM MobileFirst Platform Foundation | 7.1.0.0 | Download the iFix from [IBM MobileFirst Platform Foundation on FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=7.1.0.0-MFPF-IF202001091150&source=SAR> \"IBM MobileFirst Platform Foundation on FixCentral\" ) \nIBM MobileFirst Platform Foundation | 8.0.0.0 | Download the iFix from [IBM MobileFirst Platform Foundation on FixCentral](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=8.0.0.0-MFPF-IF202001211306&source=SAR> \"IBM MobileFirst Platform Foundation on FixCentral\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-22T10:34:59", "type": "ibm", "title": "Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerablility.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-02-22T10:34:59", "id": "97843D709F3A1D21B079AF090609D06C8232BD6B0AF9C686DC60FF6355F3EF04", "href": "https://www.ibm.com/support/pages/node/3285615", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:00", "description": "## Summary\n\nMultiple Security Vulnerabilities affect IBM Cloud Private Kubernetes\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages\n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.0\n\nFor IBM Cloud Private 3.2.0, apply October fix pack:\n\n * [IBM Cloud Private 3.2.0.1910 fix pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.0.1910-build534861-31972&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere>)\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2: \n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-23T16:58:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-11-23T16:58:10", "id": "057F23DB71C72978E8CCF4A7BDE90605082E47A058ABF70F5C21BAD102DCB0FA", "href": "https://www.ibm.com/support/pages/node/1075065", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T17:47:00", "description": "## Summary\n\nWebSphere Liberty susceptible to HTTP2 implementation vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNovaLink| 1.0.0.13 \nNovaLink| 1.0.0.15 \n \n\n\n## Remediation/Fixes\n\nFixes are available on latest supported Novalink version 1.0.0.16 \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-26T12:19:25", "type": "ibm", "title": "Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-26T12:19:25", "id": "0C931C8FB3337ADB707B8C54D7D2E65C09B2A9067AF3442FB5EDF49ED471F44A", "href": "https://www.ibm.com/support/pages/node/6120651", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:46:33", "description": "## Summary\n\nWebSphere Liberty susceptible to HTTP2 implementation vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**\n\n| \n\n**Version(s)** \n \n---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.0 through 6.0.0.2 iFix08 \n \nIBM Control Center\n\n| \n\n6.1.0.0 through 6.1.2.1 iFix01 \n \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.0.0.2\n\n| \n\niFix09\n\n| \n\n[Fix Central - 6.0.0.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \n \nIBM Control Center\n\n| \n\n6.1.2.1\n\n| \n\niFix02\n\n| \n\n[Fix Central - 6.1.2.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.1.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-28T21:55:07", "type": "ibm", "title": "Security Bulletin: Multiple Websphere to HTTP2 implementation vulnerabilities affect IBM Control Center", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-28T21:55:07", "id": "6AC8F8C50686802A05555281D5D05D5AB8997C027EADF699A3A6C4352B28516B", "href": "https://www.ibm.com/support/pages/node/1284550", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T17:47:29", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed following vulnerabilities: CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.0.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.0.3 or later\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-19T18:41:30", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-19T18:41:30", "id": "71525D0BC11FF3C2AE36A5A8748786A694B3AD31C21D312B76C386103E66D0D0", "href": "https://www.ibm.com/support/pages/node/6100198", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:44:01", "description": "## Summary\n\nManaged Istio (Beta) on IBM Cloud Kubernetes Service is affected by Envoy security vulnerabilities that can result in a denial-of-service attack (CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518 and CVE-2019-15225).\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-15225](<https://vulners.com/cve/CVE-2019-15225>) \nDescription: Envoy is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request with long URL, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165554> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud Kubernetes Service 1.13 and above with Managed Istio (Beta) 1.2.4 and lower enabled.\n\n## Remediation/Fixes\n\nUpdates for the Managed Istio (Beta) add-on are available that fix these vulnerabilities. \n\n\nUse the following IBM Cloud CLI command to confirm the currently running version of Managed Istio (Beta) enabled in a cluster:\n \n \n ibmcloud ks cluster-addons <cluster-name>\n \n\nUpgrade to Managed Istio (Beta) 1.2.5 or later, by following the [Istio Update instructions](<https://cloud.ibm.com/docs/containers?topic=containers-istio#istio_update>).\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nCreated draft bulletin for PSIRT record 142166 and 143096\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJTBP\",\"label\":\"IBM Cloud Kubernetes Service\"},\"Component\":\"Istio\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-12T12:06:39", "type": "ibm", "title": "Security Bulletin: Managed Istio (Beta) on IBM Cloud Kubernetes Service is affected by Envoy security vulnerabilities (CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518 and CVE-2019-15225)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15225", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9518"], "modified": "2019-09-12T12:06:39", "id": "6333F0A32398D30524C10CF8627B6258A5C4483AF088DB24CBDE988CA4E126E6", "href": "https://www.ibm.com/support/pages/node/1072708", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T05:55:17", "description": "## Summary\n\nThere are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nLiberty for Java| 3.37 \n \n\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for v3.39-20191121-1047 or higher, you must re-stage or re-push your application. \n\nTo find the current version of Liberty for Java in IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:\n\ncf ssh &lt;appname&gt; -c cat \"staging_info.yml\"\n\nLook for the following lines:\n\n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-18.0.0_3, buildpack-v3.25-20180918-1034, ibmjdk-1.8.0_20180214, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage &lt;appname&gt;\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push &lt;appname&gt;\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-07T16:01:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-10-07T16:01:56", "id": "59A24344B16F41FDA29E13AC82F85E48C72A67AD619672DE0CAC8898427FEE09", "href": "https://www.ibm.com/support/pages/node/1128387", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:45", "description": "## Summary\n\nThere are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:\n\n * Liberty 18.0.0.2 - 19.0.0.9\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR for each named product as soon as practical.\n\n**For WebSphere Application Server Liberty** **using servlet-4.0 or servlet-3.1**** feature:**\n\n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH16611 ](<https://www.ibm.com/support/pages/node/1086897>) \n\\--OR-- \n\u00b7 Apply Fix Pack 19.0.0.10 or later (targeted availability 4Q2019).\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-14T16:06:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by WebSphere Application Server Liberty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-14T16:06:27", "id": "A364D6B382E97F9FDC09D590395E985715FD9927D26F193255B81A2C9A6502FE", "href": "https://www.ibm.com/support/pages/node/1072860", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-05-11T15:25:15", "description": "## Summary\n\nThere are vulnerabilities in IBM WebSphere Application Server bundled with IBM Jazz Team Server based Applications that affect the following products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) and IBM Rhapsody Model Manager.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-4505](<https://vulners.com/cve/CVE-2019-4505>) \n**DESCRIPTION:** IBM WebSphere Application Server Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164364> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 6.0 - 6.0.6.1 \nRational Quality Manager 6.0 - 6.0.6.1 \nRational Team Concert 6.0 - 6.0.6.1 \nRational DOORS Next Generation 6.0 - 6.0.6.1 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6.1 \nRational Rhapsody Design Manager 6.0 - 6.0.6.1\n\nIBM Rhapsody Model Manager 6.0.5 - 6.0.6.1\n\n## Remediation/Fixes\n\nThe IBM Jazz Team Server based Applications bundle different versions of IBM WebSphere Application Server with the available versions of the products, and in addition to the bundled version some previous versions of WAS are also supported. Information about a security vulnerability affecting WAS has been published.\n\nFor CLM applications version 6.0 to 6.0.6.1 review the Security Bulletin below to determine if your WAS version is affected and the required remediation:\n\n[Security Bulletin: Information disclosure in WebSphere Application Server ND (CVE-2019-4505)](<https://www.ibm.com/support/pages/node/964766>) \n[Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by WebSphere Application Server Liberty](<https://www.ibm.com/support/pages/node/1072860>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4505", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-04-28T18:35:50", "id": "764590A4B9E47D7E86F4E1AD3CAA72AF8E48B738F1667323140B928C6A564E13", "href": "https://www.ibm.com/support/pages/node/1104951", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T17:44:53", "description": "## Summary\n\nIBM Sterilng B2B Integrator has addressed multiple security vulnerabilities in IBM WebSphere Application Server \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Sterling B2B Integrator | 5.2.6.1 - 5.2.6.5_1 \nIBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.1 \n \n## Remediation/Fixes\n\n** Product &amp; Version** | ** Remediation &amp; Fix** \n---|--- \n5.2.6.1 - 5.2.6.5_1 | Apply IBM Sterling B2B Integrator version 5.2.6.5_2 or 6.0.3.2 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.0.0.0 - 6.0.3.1 | Apply IBM Sterling B2B Integrator version 6.0.3.2 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T17:07:55", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4720", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-07-24T17:07:55", "id": "7F8E6554F6DA398AA724606DE234AF7EF09A532D4299A3D1BE71DF4204B3FCF6", "href": "https://www.ibm.com/support/pages/node/6208037", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:57", "description": "## Summary\n\nAPI Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>)\n\n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>)\n\n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>)\n\n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM API Connect | 2018.4.1.0-2018.4.1.8 \n \n## Remediation/Fixes\n\nAffected releases | Fixed in VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM API Connect V2018.4.1.0-2018.4.1.8 | \n\nv2018.4.1.9\n\n| \n\nLI81280\n\n| \n\nAddressed in IBM API Connect v2018.4.1.9.\n\nAll components are impacted.\n\nFollow this link and find the package appropriate for the form factor of your installation\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.8&platform=All&function=all&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-02T17:21:42", "type": "ibm", "title": "Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-01-02T17:21:42", "id": "23CDFC767B1F8B0922BC72249E18F4BE7A23A2D5C6AAF52840D8298A30852894", "href": "https://www.ibm.com/support/pages/node/1167160", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:01", "description": "## Summary\n\nSecurity vulnerabilities affect Cloud Foundry for IBM Cloud Private - Node.js\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nCloud Foundry for IBM Cloud Private 3.2.0, 3.2.1\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages\n\n * Cloud Foundry for IBM Cloud Private 3.2.0\n * Cloud Foundry for IBM Cloud Private 3.2.1\n\nFor Cloud Foundry for IBM Cloud Private 3.2.0, apply Fix Pack\n\n[Cloud Foundry for IBM Cloud Private 3.2.0 Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-cf-3.2.0-build533147-32913&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere>)\n\nFor Cloud Foundry for IBM Cloud Private 3.2.1, apply Fix Pack\n\n[Cloud Foundry for IBM Cloud Private 3.2.1 Fix Pack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-cf-3.2.1-build533149-32938&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-24T13:26:25", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect Cloud Foundry for IBM Cloud Private - Node.js", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-11-24T13:26:25", "id": "4CE6EF5A931E1DD71173744E63FA5B598713F2EB1EFE22E55E4D35D7659268AA", "href": "https://www.ibm.com/support/pages/node/1074981", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:13", "description": "## Summary\n\nSecurity vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4441](<https://vulners.com/cve/CVE-2019-4441>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-4305](<https://vulners.com/cve/CVE-2019-4305>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160951>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nVoice Gateway| 1.0.2-1.0.3 \n \n## Remediation/Fixes\n\nUpgrade to IBM Voice Gateway 1.0.4.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4305", "CVE-2019-4441", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-12-20T08:47:33", "id": "AA14C55AF4A5BFC3A22C9FAA8B34E0E1647B4C350DBEC1C6DC6BB8AF16DDF7F3", "href": "https://www.ibm.com/support/pages/node/1127853", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:43:59", "description": "## Summary\n\nThere are multiple vulnerabilities in Node.js used by IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA and Spectrum LSF Explorer.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>)\n\n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**Description: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**Description: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVE-ID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**Description:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nSpectrum LSF Suite 10.2, Spectrum LSF Suite for HPA 10.2, Spectrum LSF Explorer 10.2\n\n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \n \nSpectrum LSF Suite\n\nSpectrum LSF Suite for HPA\n\nSpectrum LSF Explorer\n\n| 10.2 | None | 1\\. Download Node.js v8.16.1 from: https://nodejs.org/en/blog/release/v8.16.1/. (The following steps use x86_64 as an example.) \n2\\. Copy the package into the Explorer Server host. \n3\\. On the Explorer Server host, stop webgui and explorer services. \n4\\. On the Explorer Server host, extract new files and replace old files in the following directory: \n$GUI_TOP/3.0/node \n5\\. On the Explorer Server host, start webgui and explorer services on demand. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-13T05:05:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Spectrum LSF Suite, IBM Spectrum LSF Suite for HPA, and Spectrum LSF Explorer", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-09-13T05:05:01", "id": "AD33C8416886BAB2F73A27CEC866FC53237919C38EA90303DC32F930AE4BF0E5", "href": "https://www.ibm.com/support/pages/node/1071820", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T05:59:20", "description": "## Summary\n\nSecurity vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n\\- IBM Business Automation Workflow V18.0.0.0 through V19.0.0.2\n\n\\- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03\n\n\\- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06\n\n\\- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2\n\n\\- IBM Business Process Manager V8.5.5.0\n\n## Remediation/Fixes\n\nInstall interim fix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>) as appropriate for your current IBM Business Automation Workflow or IBM BPM version.\n\n * [IBM Business Automation Workflow](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Automation+Workflow&release=All&platform=All&function=aparId&apars=JR61422>)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR61422>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR61422>)\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR61422>)\n\n \n**For IBM Business Automation Workflow V18.0.0.0 through V19.0.0.2** \n\u00b7 Upgrade to at least IBM Business Automation Workflow V18.0.0.1 as required by iFix and then apply iFix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>) \n\\--OR-- \n**\u00b7** Apply cumulative fix IBM Business Automation Workflow V19.0.0.3 (planned for end of Q4 2019) \n \n**For IBM BPM V8.6.0.0 through V8.6.0.0 CF 2018.03** \n\u00b7 Upgrade to at least IBM BPM V8.6.0.0 CF 2017.12 as required by iFix and then apply iFix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>) \n \n**For IBM BPM V8.5.7.0 through V8.5.7.0 CF 2017.06** \n\u00b7 Apply [Cumulative Fix 2017.06](<http://www.ibm.com/support/docview.wss?uid=swg24043591>) and then apply iFix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>) \n \n**For IBM BPM V8.5.6.0 through V8.5.6.0 CF2** \n\u00b7 Apply [CF2](<http://www-01.ibm.com/support/docview.wss?uid=swg24041303>) as required by iFix and then apply iFix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>) \n \n**For IBM BPM V8.5.5.0** \n\u00b7 Apply iFix [JR61422](<http://www.ibm.com/support/docview.wss?uid=swg1JR61422>)\n\n## Workarounds and Mitigations\n\n[IBM BPM Configuration Editor](<http://www.ibm.com/support/knowledgecenter/SSFTDH_8.5.7/com.ibm.wbpm.imuc.ebpmps.doc/topics/tcfg_edit_win_db2.html>) is a stand-alone tool for editing properties file. Use a standard text file editor instead.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T15:02:20", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-09-14T15:02:20", "id": "0417036025FD6A189EE42ABF0BD8858E873D012FB5A3D9F9BF5C94F081CDDEB5", "href": "https://www.ibm.com/support/pages/node/1072590", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:20", "description": "## Summary\n\nSecurity Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities).\n\n## Vulnerability Details\n\nCVE-ID: CVE-2019-9516 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9515 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9518 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9517 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9512 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9511 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9514 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9513 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Event Management on IBM Cloud Private Version 2.3.0\n\n## Remediation/Fixes\n\nIBM Cloud Event Management on IBM Cloud Private Version 2.4.0 includes the Node.js fix for this vulnerability. Please see IBM Support for IBM Cloud Event Management on IBM Cloud Private: <https://www-01.ibm.com/support/docview.wss?uid=ibm10732317>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-18T05:05:02", "type": "ibm", "title": "Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-18T05:05:02", "id": "C1504E0331CDD1C6C93994699BA298E6DF006D6E0CC8A8E4231997AD972A13FD", "href": "https://www.ibm.com/support/pages/node/1078209", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:59", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js (CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.0.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.0.2 or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-17T14:40:53", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-12-17T14:40:53", "id": "44289E9AFA262B32B9B340C2E5063B6A6A7C857ECC454752758C62450EDDB5A1", "href": "https://www.ibm.com/support/pages/node/1137466", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-07T21:42:36", "description": "## Summary\n\nThere is a vulnerability in http2-common that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.12.03 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.12.0.3| \n\n**Upgrade to version [1.12.0.4](<https://www.ibm.com/support/pages/node/6518908> \"1.12.0.4\" )** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"\" ) \n \n2\\. Search for \n**M05JKML** Process Mining 1.12.0.4 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M05JJML** Process Mining 1.12.0.4 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-01T21:57:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2023-02-01T21:57:55", "id": "9EF402A843CFBDB359E8B74AAD869683BC0B3E2869ACDA8CA89782199936D069", "href": "https://www.ibm.com/support/pages/node/6574065", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:54", "description": "## Summary\n\nNode.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect Node.js v8.15.1 and earlier releases.\n\nThese vulnerabilities affect Node.js v10.15.2 and earlier releases. \n\nThese vulnerabilities affect Node.js v12.7.1 and earlier releases. \n \nThrough the command-line Cloud Foundry client run the following command: \n \n**cf ssh &lt;appname&gt; -c \"cat staging_info.yml\"** \n \nLook for the following lines: \n{\"detected_buildpack\":\"SDK for Node.js(TM) (node.js-xxx, buildpack-v3.xxx)\",\"start_command\":\"./vendor/initial_startup.rb\"} \n \nIf the Node.js engine version is not at least v8.16.1 or v10.16.3 or v12.8.1 your application may be vulnerable.\n\n## Remediation/Fixes\n\nThe fixes for these vulnerabilities are included in Node.js v8.16.1and subsequent releases. \nThe fixes for these vulnerabilities are included in Node.js v10.16.3 and subsequent releases.\n\nThe fixes for these vulnerabilities are included in Node.js v12.8.1 and subsequent releases. \n \nTo upgrade to the latest version of the Node.js runtime, please specify the latest Node.js runtime in your package.json file for your application:\n \n \n \"engines\": { \n \"node\": \">=8.16.1 <10.0.0\" \n }, \n or \n \"engines\": { \n \"node\": \">=10.16.3 <12.0.0\" \n }, \n \n or \n \"engines\": { \n \"node\": \">=12.8.1\" \n },\n \n You will then need to restage (or re-push) your application using the IBM SDK for Node.js Buildpack v4.0.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-07T14:32:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-07T14:32:39", "id": "E9C1563BAEC9B59E1E748133D7FABB312739ADA716F044B1BE4F21A9D985F2B8", "href": "https://www.ibm.com/support/pages/node/1074450", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:09:04", "description": "## Summary\n\nNode.js denial of service vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center).\n\n## Vulnerability Details\n\nCVE-ID: CVE-2019-9511 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: CVE-2019-9512 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: CVE-2019-9513 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: CVE-2019-9514 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n\nCVE-ID: CVE-2019-9515 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: CVE-2019-9516 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9517 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVE-ID: CVE-2019-9518 \nDescription: Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product** | **Affected Versions** \n---|--- \nIBM Spectrum Control | 5.3.0 - 5.3.3 \n \nNote that the 5.2 release is not affected.\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable.\n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control.\n\n**Release** | \n\n**First Fixing **\n\n**VRM Level**\n\n| **Link to Fix/Fix Availability Target** \n---|---|--- \n5.3 | 5.3.4 | <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n**Note:** It is always recommended to have a current backup before applying any update procedure. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-22T19:59:01", "type": "ibm", "title": "Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-02-22T19:59:01", "id": "AB2CF025F88364491DAD8A893B4FFE876A0EA1219780AEE35EB01D3E77543556", "href": "https://www.ibm.com/support/pages/node/1071852", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T05:54:25", "description": "## Summary\n\nNetty could provide various potential exploitable entry points icnluding weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-20445](<https://vulners.com/cve/CVE-2019-20445>) \n** DESCRIPTION: **Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175486>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-37137](<https://vulners.com/cve/CVE-2021-37137>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not restrict the chunk length in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause excessive memory usage, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211779](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211779>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-11612](<https://vulners.com/cve/CVE-2020-11612>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by unbounded memory allocation while decoding a ZlibEncoded byte stream in the ZlibDecoders. By sending a large ZlibEncoded byte stream, a remote attacker could exploit this vulnerability to exhaust memory resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-7238](<https://vulners.com/cve/CVE-2020-7238>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling Transfer-Encoding whitespace and a later Content-Length header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-16869](<https://vulners.com/cve/CVE-2019-16869>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167672>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-20444](<https://vulners.com/cve/CVE-2019-20444>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-37136](<https://vulners.com/cve/CVE-2021-37136>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211777>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Order Management| 10.0 \n \n\n\n## Remediation/Fixes\n\nOrder Management on premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=software-fixes-by-fix-pack-version>\n\nFix Central Link (**FP details URL)**: \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&amp;fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-20T18:47:42", "type": "ibm", "title": "Security Bulletin: IBM Sterling Order Management Netty 4.1.34 vulnerablity", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16869", "CVE-2019-20444", "CVE-2019-20445", "CVE-2019-9518", "CVE-2020-11612", "CVE-2020-7238", "CVE-2021-37136", "CVE-2021-37137"], "modified": "2022-10-20T18:47:42", "id": "E74C53C459F7FE1C89AE67FEC29B42B1B0BF95AA1A5FE3D3CA36BD71ABE75230", "href": "https://www.ibm.com/support/pages/node/6830983", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:37:48", "description": "## Summary\n\nIBM Integration Bus &amp; IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed..Vulnerability details are listed below\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nIBM Integration Bus V10.0.0 - V10.0.0.17\n\nIBM App connect Enterprise V11 , V11.0.0.0 - V11.0.0.5\n\n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| APAR| \n\n**Remediation / Fix** \n \n---|---|---|--- \nIBM App Connect| V11.0.0.0-V11.0.0.5| IT30356| \n\nThe APAR is available in fix pack 11.0.0.6\n\n[IBM App Connect Enterprise Version V11-Fix Pack 11.0.0.6](<https://www.ibm.com/support/pages/ibm-app-connect-enterprise-v110-fix-pack-11006> \"IBM App Connect Enterprise Version V11-Fix Pack 11.0.0.6\" ) \n \nIBM Integration Bus| V10.0.0.0 - V10.0.0.17| IT30356| \n\nThe APAR is available in fix pack 10.0.0.18\n\n[IBM Integration Bus V10.0 - Fix Pack 10.0.0.18](<https://www.ibm.com/support/pages/node/1073752> \"IBM Integration Bus V10.0 - Fix Pack 10.0.0.18\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-23T20:41:52", "id": "5A357128639E00EE0774B3D2597A839328E9DE84359137CFEFE888228A113067", "href": "https://www.ibm.com/support/pages/node/1150960", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:40:36", "description": "## Summary\n\nThere are vulnerabilities in Node.js used by IBM\u00ae Cloud App Management. IBM\u00ae Cloud App Management has addressed the applicable CVEs in a later version.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud App Management V2019.2.0\n\nIBM Cloud App Management V2019.2.1\n\n## Remediation/Fixes\n\nIBM Cloud App Management was updated to use a later version of Node.js. Install or upgrade to IBM Cloud App Management 2019.3.0 to address these security vulnerabilities. Later versions of IBM Cloud App Management are available on [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/index.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-24T11:44:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-24T11:44:14", "id": "FAD6BCE3854669364F5857A689BDF567210D8EAE3BCE59914324E9D66B2322E2", "href": "https://www.ibm.com/support/pages/node/1097553", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:40:37", "description": "## Summary\n\nThere are vulnerabilities in Node.js used by IBM\u00ae Cloud App Management. IBM\u00ae Cloud App Management has addressed the applicable CVEs in a later version.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud App Management V2019.2.1\n\n## Remediation/Fixes\n\nIBM Cloud App Management was updated to use a later version of Node.js. Install or upgrade to IBM Cloud App Management 2019.3.0 to address these security vulnerabilities. Later versions of IBM Cloud App Management are available on [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/index.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-24T11:45:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-24T11:45:39", "id": "38B9D897011CEB670EAF1E1AB11DB01D2C8CE3AA7925078CA13A859E05628FF8", "href": "https://www.ibm.com/support/pages/node/1097535", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:02", "description": "## Summary\n\nMultiple Security Vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM License Key Server Administration &amp; Reporting Tool and Agent, has been published. IBM License Key Server Administration &amp; Reporting Tool and Agent team has come up with a remediation.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-4304](<https://vulners.com/cve/CVE-2019-4304>) \n**DESCRIPTION:** IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-4441](<https://vulners.com/cve/CVE-2019-4441>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163177> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2014-3603](<https://vulners.com/cve/CVE-2014-3603>) \n**DESCRIPTION:** Shibboleth Identity Provider (IdP) and OpenSAML Java could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject''s Common Name (CN) or subjectAltName field of the X.509 certificate. A man-in-the-middle attacker could exploit this vulnerability using an arbitrary valid certificate.to spoof SSL servers. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164271> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.1\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.2\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.3\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.4\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.5\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.5.6\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.6\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.6.1\n * IBM License Key Server Administration &amp; Reporting Tool version 8.1.6.2\n\n * IBM License Key Server Administration Agent version 8.1.5\n * IBM License Key Server Administration Agent version 8.1.5.1\n * IBM License Key Server Administration Agent version 8.1.5.2\n * IBM License Key Server Administration Agent version 8.1.5.3\n * IBM License Key Server Administration Agent version 8.1.5.4\n * IBM License Key Server Administration Agent version 8.1.5.5\n * IBM License Key Server Administration Agent version 8.1.5.6\n * IBM License Key Server Administration Agent version 8.1.6\n * IBM License Key Server Administration Agent version 8.1.6.1\n * IBM License Key Server Administration Agent version 8.1.6.2\n\n## Remediation/Fixes\n\nUpgrade to the version 8.1.6.3 for both IBM License Key Server Administration and Reporting Tool (ART) and Agent. Refer to the [Release Notes](<https://www.ibm.com/support/pages/node/1108011>) for download and upgrade instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-21T05:05:02", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM License Key Server Administration & Reporting Tool and Agent", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3603", "CVE-2019-4304", "CVE-2019-4441", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-12-21T05:05:02", "id": "3FC31A2CC7ABF7DA1885EE97783B9D04AD2C6EF31E7B2B06895F95DAD4550593", "href": "https://www.ibm.com/support/pages/node/1138306", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:08:47", "description": "## Summary\n\nMultiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). IBM Spectrum Control has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-4304](<https://vulners.com/cve/CVE-2019-4304>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160950>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n** CVEID: **[CVE-2019-4441](<https://vulners.com/cve/CVE-2019-4441>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n** CVEID: **[CVE-2019-4305](<https://vulners.com/cve/CVE-2019-4305>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160951>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSpectrum Control| 5.3.0 - 5.3.4 \n \n\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable. \n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control.\n\nRelease| First Fixing \nVRM Level| Link to Fix/Fix Availability Target \n---|---|--- \n5.3| 5.3.5| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n## Workarounds and Mitigations\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. The solution should be implemented as soon as practicable. \n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control. \n\nRelease| First Fixing \nVRM Level| Link to Fix/Fix Availability Target \n---|---|--- \n5.3| 5.3.5| <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-22T20:10:14", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4304", "CVE-2019-4305", "CVE-2019-4441", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2022-02-22T20:10:14", "id": "870BEA847DD424799963E5867DAF74D2ED3D95FA2CBB891A7AF0D330D30A7BBC", "href": "https://www.ibm.com/support/pages/node/1104747", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-01T21:48:55", "description": "## Summary\n\nIBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9511](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-12545](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161491](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161491>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9516](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Storage Protect Server| 8.1 \n \n## Remediation/Fixes\n\n**IBM Storage Protect Server Affected Versions**| **Fixing Level**| **Platform**| **Link to Fix and Instructions** \n---|---|---|--- \n8.1.0.000 - 8.1.18.xxx| 8.1.19| AIX Linux Windows| <https://www.ibm.com/support/pages/node/6988821> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-21T18:13:20", "type": "ibm", "title": "Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12545", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2022-2048"], "modified": "2023-06-21T18:13:20", "id": "591A0AD8CB54D32EC9250B0DD40A9F9E798705A44AA0E9193BA5A4A75A315DD6", "href": "https://www.ibm.com/support/pages/node/7005933", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:54:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server Liberty that affect IBM Spectrum Protect Operations Center and Client Management Service. Vulnerabilities include spoofing attacks, security bypass, denial of service, and information disclosure. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2014-3603](<https://vulners.com/cve/CVE-2014-3603>) \n** DESCRIPTION: **Shibboleth Identity Provider (IdP) and OpenSAML Java could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A man-in-the-middle attacker could exploit this vulnerability using an arbitrary valid certificate.to spoof SSL servers. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164271](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164271>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-4305](<https://vulners.com/cve/CVE-2019-4305>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160951>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4441](<https://vulners.com/cve/CVE-2019-4441>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-4304](<https://vulners.com/cve/CVE-2019-4304>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160950>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.9.000 \n7.1.0.000-7.1.9.300 \nIBM Spectrum Protect Client Management Service (CMS)| 8.1.0.000-8.1.9.000 \n7.1.0.000-7.1.9.300 \n \n## Remediation/Fixes\n\n**Spectrum Protect** \n**Operations Center Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n8.1| 8.1.10.000| AIX \nLinux \nWindows| <http://www.ibm.com/support/pages/node/6229104> \n7.1| 7.1.10.000| AIX \nLinux \nWindows| \n\n<https://www.ibm.com/support/pages/node/6150825> \n \n**Spectrum Protect** \n**Client Management Service Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n8.1| 8.1.10.000| Linux \nWindows| <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/> \n7.1| 7.1.10.000| Linux \nWindows| <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v7r1/> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-12T23:00:04", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center and Client Management Service", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3603", "CVE-2019-4304", "CVE-2019-4305", "CVE-2019-4441", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-06-12T23:00:04", "id": "FF9258C84F77D90D8E35398FC8C4B88BEFE7E858980922156E5765F89E6ECCA1", "href": "https://www.ibm.com/support/pages/node/6221658", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:17", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private for Data - OpenSSL (CVE-2019-1543), Kubernetes (CVE-2019-1002100), Kubernetes (CVE-2019-9511), Kubernetes (CVE-2019-9512), Kubernetes (CVE-2019-9513), Kubernetes (CVE-2019-9514), Kubernetes (CVE-2019-9515), Kubernetes (CVE-2019-9516), Kubernetes (CVE-2019-9517), Kubernetes (CVE-2019-9518)\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-1543](<https://vulners.com/cve/CVE-2019-1543>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the ChaCha20-Poly1305 AEAD cipher. By sending a message encrypted using a reused overly long nonce, an attacker could exploit this vulnerability to conduct serious confidentiality and integrity attacks. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE - CVE-2019-1002100](<https://vulners.com/cve/CVE-2019-1002100>) \n**DESCRIPTION:** The Kubernetes API server is vulnerable to a denial of service. By sending a specially crafted patch of type \"json-patch\" requests, a remote authenticated attacker could exploit this vulnerability to consume an excessive amount of resources. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157685> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID**: [CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165182> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID**: [CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165181> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID**: [CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164904> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID**: [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID**: [CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164638> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164903> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID**: [CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164639> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID**: [CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION**: Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/164640> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Private for Data V1.1.0, V1.2.0, V1.2.1, V2.1.0\n\n## Remediation/Fixes\n\nUsers of IBM Cloud Private for Data V1.1.0, V1.2.0, and V1.2.1 are advised to:\n\n * Upgrade to IBM Cloud Pak for Data V2.1.0.1\n * Upgrade to IBM Cloud Private V3.1.2\n * Apply IBM Cloud Pak for Data V2.1.0.1 FP1\n * Apply fix packs for IBM Cloud Private V3.2.2\n\nUsers of IBM Cloud Private for Data V2.1.0 are advised to:\n\n * Apply IBM Cloud Pak for Data V2.1.0.2\n * Apply fix packs for IBM Cloud Private V3.2.2\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-23T14:47:11", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data - OpenSSL (CVE-2019-1543), Kubernetes (CVE-2019-1002100, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002100", "CVE-2019-1543", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2019-10-23T14:47:11", "id": "EFD802732B0A15F67815EDD8850FB1C881B714B4A10FEC7A7699E0D6FA7B59C0", "href": "https://www.ibm.com/support/pages/node/958771", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:55:39", "description": "## Summary\n\nMultiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server were addressed. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-12406](<https://vulners.com/cve/CVE-2019-12406>) \n**DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170974>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-4663](<https://vulners.com/cve/CVE-2019-4663>) \n**DESCRIPTION: **IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171245](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171245>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-17495](<https://vulners.com/cve/CVE-2019-17495>) \n**DESCRIPTION: **Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrite (RPO) attack technique, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169050>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 \n \n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR61915](<http://www.ibm.com/support/docview.wss?uid=swg1JR61915> \"JR61915\" )\n\n| \n\n\\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply IBM InfoSphere Information Server [11.7.1 Fix Pack 1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-18T20:22:25", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12406", "CVE-2019-17495", "CVE-2019-4663", "CVE-2019-4720", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-05-18T20:22:25", "id": "574FC031AF9B64FDFC8B0BF65E22355456EDFA4CF1ECE74E592CA6972407F30F", "href": "https://www.ibm.com/support/pages/node/6207100", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T17:46:53", "description": "## Summary\n\nThere are multiple vulnerabilities in Node.js that affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-15606](<https://vulners.com/cve/CVE-2019-15606>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an issue when HTTP header values do not have trailing OWS trimmed. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authorization based on header value comparisons. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175914](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175914>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-15604](<https://vulners.com/cve/CVE-2019-15604>) \n** DESCRIPTION: **Node.js is vulnerable to a denial of service, caused by improper certificate validation. By sending a specially-crafted X.509 certificate, a remote attacker could exploit this vulnerability to cause the process to abort. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175912](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-15605](<https://vulners.com/cve/CVE-2019-15605>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175913](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175913>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.5 \n \n## Remediation/Fixes\n\n**Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.5.2199| Linux| <https://www.ibm.com/support/pages/node/1135035> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-30T22:17:08", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Protect Plus (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605, CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2020-03-30T22:17:08", "id": "647A7AB345F655E164F4C0AB87C5729F0821EA62A0208C6067C65D31362414A2", "href": "https://www.ibm.com/support/pages/node/6114238", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:51:24", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM WebSphere Application Server Liberty that may affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-17573](<https://vulners.com/cve/CVE-2019-17573>) \n** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-4663](<https://vulners.com/cve/CVE-2019-4663>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171245](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171245>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2014-3603](<https://vulners.com/cve/CVE-2014-3603>) \n** DESCRIPTION: **Shibboleth Identity Provider (IdP) and OpenSAML Java could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A man-in-the-middle attacker could exploit this vulnerability using an arbitrary valid certificate.to spoof SSL servers. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164271](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164271>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-12406](<https://vulners.com/cve/CVE-2019-12406>) \n** DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170974>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-4303](<https://vulners.com/cve/CVE-2020-4303>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-4304](<https://vulners.com/cve/CVE-2020-4304>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-12402](<https://vulners.com/cve/CVE-2019-12402>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17495](<https://vulners.com/cve/CVE-2019-17495>) \n** DESCRIPTION: **Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path overwrite (RPO) attack technique, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169050>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<https://vulners.com/cve/CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.6 \n \n## Remediation/Fixes\n\n**Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.6 ifix3| Linux| **<https://www.ibm.com/support/pages/node/6254732>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-31T19:36:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3603", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-17495", "CVE-2019-17573", "CVE-2019-4663", "CVE-2019-4720", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9517", "CVE-2019-9518", "CVE-2020-4303", "CVE-2020-4304"], "modified": "2020-08-31T19:36:55", "id": "4BEC8E9463E4B27C09D4E3ECF5C98A9E0D6D193C06E6EFC3DEDB9F41368D7DC0", "href": "https://www.ibm.com/support/pages/node/6324799", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:47:29", "description": "## Summary\n\nMultiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-5736](<https://vulners.com/cve/CVE-2019-5736>) \n** DESCRIPTION: **runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156819](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2019-9946](<https://vulners.com/cve/CVE-2019-9946>) \n** DESCRIPTION: **Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158803](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158803>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in &amp;#96;kubectl cp&amp;#96; that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-10223](<https://vulners.com/cve/CVE-2019-10223>) \n** DESCRIPTION: **A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165077](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165077>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-17110](<https://vulners.com/cve/CVE-2019-17110>) \n** DESCRIPTION: **** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-10223. Reason: This candidate is a duplicate of CVE-2019-10223. Notes: All CVE users should reference CVE-2019-10223 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168365>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n** DESCRIPTION: **The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-11246](<https://vulners.com/cve/CVE-2019-11246>) \n** DESCRIPTION: **The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162892>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Studio - Local| 1.2.3 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Watson Studio Local| 2.1| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \nIBM Cloud Pak for Data| 2.5| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T13:53:35", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002105", "CVE-2019-10223", "CVE-2019-11246", "CVE-2019-11248", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-17110", "CVE-2019-5736", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2019-9946"], "modified": "2019-12-20T13:53:35", "id": "731A6DDD5325438B0FCA3D1B2CA7C8881C1A425221911E3EF5FB3283E134B7EA", "href": "https://www.ibm.com/support/pages/node/1143454", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:44:38", "description": "## Summary\n\nMuiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n**DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server with a microservices tier | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63311](<http://www.ibm.com/support/docview.wss?uid=swg1JR63311> \"JR63311\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply IBM Information Server version [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1\" ) \n \n \nFor Red Hat 8 installations contact IBM Customer support \n \n \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-01T21:05:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-04-01T21:05:42", "id": "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "href": "https://www.ibm.com/support/pages/node/6436613", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T17:43:29", "description": "## Summary\n\nMultiple vulnerabilities in dependent libraries affect IBM\u00ae Db2\u00ae leading to denial of service or privilege escalation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-10202](<https://vulners.com/cve/CVE-2019-10202>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization in Codehaus. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10172](<https://vulners.com/cve/CVE-2019-10172>) \n** DESCRIPTION: **Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-17571](<https://vulners.com/cve/CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12402](<https://vulners.com/cve/CVE-2019-12402>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-3734](<https://vulners.com/cve/CVE-2017-3734>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 0 \nCVSS Vector: \n \n** CVEID: **[CVE-2019-16869](<https://vulners.com/cve/CVE-2019-16869>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167672](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167672>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17195](<https://vulners.com/cve/CVE-2019-17195>) \n** DESCRIPTION: **Connect2id Nimbus JOSE+JWT is vulnerable to a denial of service, caused by the throwing of various uncaught exceptions while parsing a JWT. An attacker could exploit this vulnerability to crash the application or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2017-18640](<https://vulners.com/cve/CVE-2017-18640>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature during a load operation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-0201](<https://vulners.com/cve/CVE-2019-0201>) \n** DESCRIPTION: **Apache ZooKeeper could allow a remote attacker to obtain sensitive information, caused by the failure to check permissions by the getACL() command. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2014-3488](<https://vulners.com/cve/CVE-2014-3488>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by an error in SslHandler. A remote attacker could exploit this vulnerability using a specially-crafted SSLv2Hello message to exhaust all available CPU resources and cause the application to enter into an infinite loop. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95285>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2015-2156](<https://vulners.com/cve/CVE-2015-2156>) \n** DESCRIPTION: **Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in a cookie name by the cookie parsing code. An attacker could exploit this vulnerability to bypass the HttpOnly flag in all Play applications and gain access to the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103239>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N) \n \n** CVEID: **[CVE-2014-0193](<https://vulners.com/cve/CVE-2014-0193>) \n** DESCRIPTION: **Netty is vulnerable to a denial of service, caused by an error in the WebSocket08FrameDecoder implementation. A remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93006](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93006>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2017-12974](<https://vulners.com/cve/CVE-2017-12974>) \n** DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-12973](<https://vulners.com/cve/CVE-2017-12973>) \n** DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by proceeding improperly after detection of an invalid HMAC in authenticated AES-CBC decryption. A remote attacker could exploit this vulnerability to conduct a padding oracle attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130789>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2017-12972](<https://vulners.com/cve/CVE-2017-12972>) \n** DESCRIPTION: **Connect2id Nimbus JOSE+JWT could provide weaker than expected security, caused by the lack of integer-overflow check when converting length values from bytes to bits. A remote attacker could exploit this vulnerability to conduct a HMAC bypass attack. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-8012](<https://vulners.com/cve/CVE-2018-8012>) \n** DESCRIPTION: **Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143565>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2017-5637](<https://vulners.com/cve/CVE-2017-5637>) \n** DESCRIPTION: **Apache Zookeeper is vulnerable to a denial of service, caused by the improper handling of the wchp command. By sending a specially-crafted wchp command, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/121602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-11771](<https://vulners.com/cve/CVE-2018-11771>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-10237](<https://vulners.com/cve/CVE-2018-10237>) \n** DESCRIPTION: **Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering class. By sending a specially-crafted data, a remote attacker could exp