A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.

CPENameOperatorVersion
apache httpdeq2.4.39
apache httpdeq2.4.38
apache httpdeq2.4.37
apache httpdeq2.4.35
apache httpdeq2.4.34
apache httpdeq2.4.33
apache httpdeq2.4.32
apache httpdeq2.4.29
apache httpdeq2.4.28
apache httpdeq2.4.27

Name	Operator	Version
apache httpd	eq	2.4.39
apache httpd	eq	2.4.38
apache httpd	eq	2.4.37
apache httpd	eq	2.4.35
apache httpd	eq	2.4.34
apache httpd	eq	2.4.33
apache httpd	eq	2.4.32
apache httpd	eq	2.4.29
apache httpd	eq	2.4.28
apache httpd	eq	2.4.27

Rows per page:

1-10 of 141

debiancve 1

nessus 38

prion 2

symantec 2

osv 4

redhat 13

alpinelinux 1

veracode 1

redhatcve 1

ubuntucve 1

cve 2

ibm 45

openvas 25

amazon 2

fedora 5

oraclelinux 2

f5 1

debian 2

freebsd 2

kaspersky 1

slackware 1

mageia 2

suse 3

gentoo 1

altlinux 1

ubuntu 2

nodejsblog 1

cloudfoundry 1

fortinet 1

myhack58 1

threatpost 1

almalinux 1

rocky 1

cert 1

oracle 2

debiancve

CVE-2019-9517

2019-08-13 21:15:00

nessus

RHEL 8 : httpd:2.4 (RHSA-2019:2893) (Internal Data Buffering)

2019-09-25 00:00:00

CentOS 8 : httpd:2.4 (CESA-2019:2893)

2021-01-29 00:00:00

Oracle Linux 8 : httpd:2.4 (ELSA-2019-2893) (Internal Data Buffering)

2019-09-25 00:00:00

prion

Design/Logic Flaw

2019-08-13 21:15:00

Code injection

2019-09-11 15:15:00

symantec

HTTP/2 CVE-2019-9517 Remote Denial of Service Vulnerability

2019-08-13 00:00:00

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

osv

CVE-2019-9517

2019-08-13 21:15:12

apache2 - security update

2019-08-26 00:00:00

Important: nodejs:10 security update

2019-09-30 07:07:29

redhat

(RHSA-2019:2893) Important: httpd:2.4 security update

2019-09-24 13:40:44

(RHSA-2019:2950) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update

2019-10-01 11:44:36

(RHSA-2019:2949) Important: httpd24-httpd and httpd24-nghttp2 security update

2019-10-01 11:23:22

alpinelinux

CVE-2019-9517

2019-08-13 21:15:00

veracode

Denial Of Service (DoS)

2019-10-01 00:17:28

redhatcve

CVE-2019-9517

2021-03-21 00:51:26

ubuntucve

CVE-2019-9517

2019-08-13 00:00:00

cve

CVE-2019-9517

2019-08-13 21:15:00

CVE-2019-3644

2019-09-11 15:15:00

ibm

Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097)

2020-02-07 02:17:54

Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.

2019-12-18 14:26:38

Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)

2020-03-19 18:41:30

openvas

Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities - Linux

2019-10-18 00:00:00

Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities - Windows

2019-10-18 00:00:00

Fedora Update for mod_http2 FEDORA-2019-63ba15cc83

2019-08-31 00:00:00

amazon

Important: mod_http2

2019-10-28 17:43:00

Medium: httpd24

2019-10-18 23:22:00

fedora

[SECURITY] Fedora 30 Update: mod_http2-1.15.3-2.fc30

2019-08-30 14:21:13

[SECURITY] Fedora 29 Update: mod_http2-1.15.3-2.fc29

2019-08-30 00:51:34

[SECURITY] Fedora 30 Update: nodejs-10.19.0-1.fc30

2020-02-23 01:09:36

oraclelinux

httpd:2.4 security update

2019-09-24 00:00:00

nodejs:10 security update

2019-09-30 00:00:00

K02591030 : HTTP/2 vulnerabilities CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, and CVE-2019-9517

2019-08-20 00:00:00

debian

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

freebsd

Apache -- Multiple vulnerabilities

2019-08-14 00:00:00

Node.js -- multiple vulnerabilities

2019-08-16 00:00:00

kaspersky

KLA12366 Multiple vulnerabilities in Apache HTTP Server

2019-08-14 00:00:00

slackware

[slackware-security] httpd

2020-03-31 19:45:57

mageia

Updated apache packages fix security vulnerabilities

2019-12-25 22:08:41

Updated nodejs packages fix security vulnerabilities

2020-09-27 23:06:37

suse

Security update for apache2 (important)

2019-09-02 00:00:00

Security update for nodejs8 (important)

2019-09-11 00:00:00

Security update for nodejs10 (important)

2019-09-11 00:00:00

gentoo

Apache: Multiple vulnerabilities

2019-09-06 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 10.16.3-alt1

2019-08-30 00:00:00

ubuntu

Apache HTTP Server regression

2019-09-17 00:00:00

Apache HTTP Server vulnerabilities

2019-08-29 00:00:00

nodejsblog

August 2019 Security Releases

2019-08-16 00:00:00

cloudfoundry

Various HTTP2 CVEs: Some Cloud Foundry products are impacted by HTTP denial of service attacks | Cloud Foundry

2019-12-03 00:00:00

fortinet

HTTP/2 Multiple DoS Attacks (VU#605641)

2019-09-03 00:00:00

myhack58

HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net

2019-08-14 00:00:00

threatpost

HTTP Bugs Open Websites to DoS Attacks

2019-08-15 19:20:38

almalinux

Important: nodejs:10 security update

2019-09-30 07:07:29

rocky

nodejs:10 security update

2019-09-30 07:07:29

cert

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

2019-08-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.036 Low

EPSS

Percentile

91.5%

JSON

Related for HTTPD:109158785130C454EF1D1CDDD4417560