ID RHSA-2019:2775 Type redhat Reporter RedHat Modified 2019-09-17T00:27:24
Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{"f5": [{"lastseen": "2020-04-06T22:40:06", "bulletinFamily": "software", "cvelist": ["CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9513", "CVE-2019-9516"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-08-20T05:41:00", "published": "2019-08-20T05:41:00", "id": "F5:K02591030", "href": "https://support.f5.com/csp/article/K02591030", "title": "HTTP/2 vulnerabilities CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, and CVE-2019-9517", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2021-01-21T14:21:03", "description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", "edition": 35, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-08-13T21:15:00", "title": "CVE-2019-9513", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9513"], "modified": "2021-01-20T15:15:00", "cpe": ["cpe:/a:synology:diskstation_manager:6.2", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:apache:traffic_server:7.1.6", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:opensuse:leap:15.1", "cpe:/o:synology:vs960hd_firmware:-", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:apache:traffic_server:8.0.3", "cpe:/a:redhat:software_collections:1.0", "cpe:/a:apache:traffic_server:6.2.3", "cpe:/a:apple:swiftnio:1.4.0", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:redhat:openshift_service_mesh:1.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/a:nginx:nginx:1.17.2", "cpe:/a:redhat:jboss_core_services:1.0", "cpe:/a:oracle:graalvm:19.2.0", "cpe:/a:synology:skynas:-", "cpe:/a:redhat:quay:3.0.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-9513", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9513", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apple:swiftnio:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-01-21T14:21:03", "description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", "edition": 37, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-08-13T21:15:00", "title": "CVE-2019-9511", "type": "cve", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9511"], "modified": "2021-01-20T15:15:00", "cpe": ["cpe:/a:synology:diskstation_manager:6.2", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:apache:traffic_server:7.1.6", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:opensuse:leap:15.1", "cpe:/o:synology:vs960hd_firmware:-", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:apache:traffic_server:8.0.3", "cpe:/a:redhat:software_collections:1.0", "cpe:/a:apache:traffic_server:6.2.3", "cpe:/a:apple:swiftnio:1.4.0", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:redhat:openshift_service_mesh:1.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/a:nginx:nginx:1.17.2", "cpe:/a:redhat:jboss_core_services:1.0", "cpe:/a:oracle:graalvm:19.2.0", "cpe:/a:synology:skynas:-", "cpe:/a:redhat:quay:3.0.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-9511", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9511", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apple:swiftnio:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-01-16T12:48:57", "description": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.", "edition": 31, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-08-13T21:15:00", "title": "CVE-2019-9516", "type": "cve", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9516"], "modified": "2021-01-16T03:15:00", "cpe": ["cpe:/a:synology:diskstation_manager:6.2", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:apache:traffic_server:7.1.6", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:opensuse:leap:15.1", "cpe:/o:synology:vs960hd_firmware:-", "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:apache:traffic_server:8.0.3", "cpe:/a:redhat:software_collections:1.0", "cpe:/a:apache:traffic_server:6.2.3", "cpe:/a:apple:swiftnio:1.4.0", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/a:redhat:openshift_service_mesh:1.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/a:nginx:nginx:1.17.2", "cpe:/a:redhat:jboss_core_services:1.0", "cpe:/a:oracle:graalvm:19.2.0", "cpe:/a:synology:skynas:-", "cpe:/a:redhat:quay:3.0.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-9516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9516", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:7.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apple:swiftnio:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:a:nginx:nginx:1.17.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Arch Linux Security Advisory ASA-201908-12\n==========================================\n\nSeverity: Medium\nDate : 2019-08-16\nCVE-ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\nPackage : nginx-mainline\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1022\n\nSummary\n=======\n\nThe package nginx-mainline before version 1.17.3-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 1.17.3-1.\n\n# pacman -Syu \"nginx-mainline>=1.17.3-1\"\n\nThe problems have been fixed upstream in version 1.17.3.\n\nWorkaround\n==========\n\nDisable http/2 support.\n\nDescription\n===========\n\n- CVE-2019-9511 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker requests a large amount of data from a specified resource over\nmultiple streams. They manipulate window size and stream priority to\nforce the server to queue the data in 1-byte chunks. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\n\n- CVE-2019-9513 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker creates multiple request streams and continually shuffles the\npriority of the streams in a way that causes substantial churn to the\npriority tree. This can consume excess CPU, potentially leading to a\ndenial of service.\n\n- CVE-2019-9516 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker sends a stream of headers with a 0-length header name and\n0-length header value, optionally Huffman encoded into 1-byte or\ngreater headers. Some implementations allocate memory for these headers\nand keep the allocation alive until the session dies. This can consume\nexcess memory, potentially leading to a denial of service.\n\nImpact\n======\n\nA remote attacker is able cause a denial of service by sending a\nspecially crafted packet.\n\nReferences\n==========\n\nhttps://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\nhttps://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089\nhttps://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f\nhttps://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89\nhttps://security.archlinux.org/CVE-2019-9511\nhttps://security.archlinux.org/CVE-2019-9513\nhttps://security.archlinux.org/CVE-2019-9516", "modified": "2019-08-16T00:00:00", "published": "2019-08-16T00:00:00", "id": "ASA-201908-12", "href": "https://security.archlinux.org/ASA-201908-12", "type": "archlinux", "title": "[ASA-201908-12] nginx-mainline: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Arch Linux Security Advisory ASA-201908-13\n==========================================\n\nSeverity: Medium\nDate : 2019-08-16\nCVE-ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\nPackage : nginx\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1023\n\nSummary\n=======\n\nThe package nginx before version 1.16.1-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1.16.1-1.\n\n# pacman -Syu \"nginx>=1.16.1-1\"\n\nThe problems have been fixed upstream in version 1.16.1.\n\nWorkaround\n==========\n\nDisable http/2 support.\n\nDescription\n===========\n\n- CVE-2019-9511 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker requests a large amount of data from a specified resource over\nmultiple streams. They manipulate window size and stream priority to\nforce the server to queue the data in 1-byte chunks. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\n\n- CVE-2019-9513 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker creates multiple request streams and continually shuffles the\npriority of the streams in a way that causes substantial churn to the\npriority tree. This can consume excess CPU, potentially leading to a\ndenial of service.\n\n- CVE-2019-9516 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker sends a stream of headers with a 0-length header name and\n0-length header value, optionally Huffman encoded into 1-byte or\ngreater headers. Some implementations allocate memory for these headers\nand keep the allocation alive until the session dies. This can consume\nexcess memory, potentially leading to a denial of service.\n\nImpact\n======\n\nA remote attacker is able cause a denial of service by sending a\nspecially crafted packet.\n\nReferences\n==========\n\nhttps://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\nhttps://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089\nhttps://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f\nhttps://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89\nhttps://security.archlinux.org/CVE-2019-9511\nhttps://security.archlinux.org/CVE-2019-9513\nhttps://security.archlinux.org/CVE-2019-9516", "modified": "2019-08-16T00:00:00", "published": "2019-08-16T00:00:00", "id": "ASA-201908-13", "href": "https://security.archlinux.org/ASA-201908-13", "type": "archlinux", "title": "[ASA-201908-13] nginx: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "Arch Linux Security Advisory ASA-201908-17\n==========================================\n\nSeverity: Medium\nDate : 2019-08-27\nCVE-ID : CVE-2019-9511 CVE-2019-9513\nPackage : libnghttp2\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1024\n\nSummary\n=======\n\nThe package libnghttp2 before version 1.39.2-1 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 1.39.2-1.\n\n# pacman -Syu \"libnghttp2>=1.39.2-1\"\n\nThe problems have been fixed upstream in version 1.39.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-9511 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker requests a large amount of data from a specified resource over\nmultiple streams. They manipulate window size and stream priority to\nforce the server to queue the data in 1-byte chunks. Depending on how\nefficiently this data is queued, this can consume excess CPU, memory,\nor both, potentially leading to a denial of service.\n\n- CVE-2019-9513 (denial of service)\n\nAn issue has been found in several HTTP/2 implementations, where the\nattacker creates multiple request streams and continually shuffles the\npriority of the streams in a way that causes substantial churn to the\npriority tree. This can consume excess CPU, potentially leading to a\ndenial of service.\n\nImpact\n======\n\nA remote attacker is able to cause a denial of service by sending a\nspecially crafted packet.\n\nReferences\n==========\n\nhttps://github.com/nghttp2/nghttp2/releases/tag/v1.39.2\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\nhttps://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089\nhttps://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f\nhttps://security.archlinux.org/CVE-2019-9511\nhttps://security.archlinux.org/CVE-2019-9513", "modified": "2019-08-27T00:00:00", "published": "2019-08-27T00:00:00", "id": "ASA-201908-17", "href": "https://security.archlinux.org/ASA-201908-17", "type": "archlinux", "title": "[ASA-201908-17] libnghttp2: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:24:09", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "[1:1.14.1-9.0.1]\n- Remove Red Hat references [Orabug: 29498217]\n[1:1.14.1-9]\n- Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of\n data request leads to denial of service\n- Resolves: #1744325 - CVE-2019-9513 nginx:1.14/nginx: HTTP/2: flood using\n PRIORITY frames resulting in excessive resource consumption\n- Resolves: #1745094 - CVE-2019-9516 nginx:1.14/nginx: HTTP/2: 0-length\n headers leads to denial of service", "edition": 2, "modified": "2019-09-19T00:00:00", "published": "2019-09-19T00:00:00", "id": "ELSA-2019-2799", "href": "http://linux.oracle.com/errata/ELSA-2019-2799.html", "title": "nginx:1.14 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-11T02:45:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "[1.33.0-1.el8_0_0.1]\n- backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513)", "edition": 1, "modified": "2019-09-10T00:00:00", "published": "2019-09-10T00:00:00", "id": "ELSA-2019-2692", "href": "http://linux.oracle.com/errata/ELSA-2019-2692.html", "title": "nghttp2 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-06T17:28:01", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11080", "CVE-2019-9511", "CVE-2019-9513"], "description": "[1.33.0-3.el8_2.1]\n- prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080)\n[1.33.0-3]\n- rebuild to trigger gating (#1681044)\n[1.33.0-2]\n- backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513)", "edition": 2, "modified": "2020-07-06T00:00:00", "published": "2020-07-06T00:00:00", "id": "ELSA-2020-2755", "href": "http://linux.oracle.com/errata/ELSA-2020-2755.html", "title": "nghttp2 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-30T19:18:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9516"], "description": "httpd\n[2.4.37-12.0.1]\n- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]\n- Replace index.html with Oracle's index page oracle_index.html\n[2.4.37-12]\n- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount\n of data request leads to denial of service\n- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length\n headers leads to denial of service\n- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request\n for large response leads to denial of service\nmod_http2\n[1.11.3-3]\n- Resolves: #1744997 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount\n of data request leads to denial of service\n- Resolves: #1745084 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length\n headers leads to denial of service\n- Resolves: #1745152 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request\n for large response leads to denial of service", "edition": 2, "modified": "2019-09-24T00:00:00", "published": "2019-09-24T00:00:00", "id": "ELSA-2019-2893", "href": "http://linux.oracle.com/errata/ELSA-2019-2893.html", "title": "httpd:2.4 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2019-10-06T16:28:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "This update for nginx fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size\n and stream prioritization (bsc#1145579).\n - CVE-2019-9513: Fixed a denial of service caused by resource loops\n (bsc#1145580).\n - CVE-2019-9516: Fixed a denial of service caused by header leaks\n (bsc#1145582).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-06T15:16:50", "published": "2019-10-06T15:16:50", "id": "OPENSUSE-SU-2019:2264-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html", "title": "Security update for nginx (moderate)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-10-01T20:27:14", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "This update for nghttp2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\n resource loops, potentially leading to a denial of service (bsc#1146184).\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\n window size manipulation and stream prioritization manipulation,\n potentially leading to a denial of service (bsc#11461).\n\n Bug fixes and enhancements:\n\n - Fixed mistake in spec file (bsc#1125689)\n - Fixed build issue with boost 1.70.0 (bsc#1134616)\n - Feature: Add W&S module (FATE#326776, bsc#1112438)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-01T18:22:39", "published": "2019-10-01T18:22:39", "id": "OPENSUSE-SU-2019:2232-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html", "title": "Security update for nghttp2 (moderate)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-10-01T22:27:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "This update for nghttp2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\n resource loops, potentially leading to a denial of service (bsc#1146184).\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\n window size manipulation and stream prioritization manipulation,\n potentially leading to a denial of service (bsc#11461).\n\n Bug fixes and enhancements:\n\n - Fixed mistake in spec file (bsc#1125689)\n - Fixed build issue with boost 1.70.0 (bsc#1134616)\n - Feature: Add W&S module (FATE#326776, bsc#1112438)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-01T21:13:42", "published": "2019-10-01T21:13:42", "id": "OPENSUSE-SU-2019:2234-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html", "title": "Security update for nghttp2 (moderate)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-11T02:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844", "CVE-2019-9516"], "description": "This update for nginx fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size\n and stream prioritization (bsc#1145579).\n - CVE-2019-9513: Fixed a denial of service caused by resource loops\n (bsc#1145580).\n - CVE-2019-9516: Fixed a denial of service caused by header leaks\n (bsc#1145582).\n - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4\n module (bsc#1115015).\n - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2\n implementation (bsc#1115022).\n - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2\n implementation (bsc#1115025).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2019-09-11T00:19:02", "published": "2019-09-11T00:19:02", "id": "OPENSUSE-SU-2019:2120-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html", "title": "Security update for nginx (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 \nimplementation. A remote attacker could possibly use this issue to consume \nresources, leading to a denial of service.", "edition": 3, "modified": "2019-08-15T00:00:00", "published": "2019-08-15T00:00:00", "id": "USN-4099-1", "href": "https://ubuntu.com/security/notices/USN-4099-1", "title": "nginx vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. ", "modified": "2019-08-22T01:18:25", "published": "2019-08-22T01:18:25", "id": "FEDORA:9F6F160E8891", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: nginx-1.16.1-1.fc30", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "This package contains the HTTP/2 client, server and proxy programs. ", "modified": "2019-08-27T18:38:08", "published": "2019-08-27T18:38:08", "id": "FEDORA:4C91D60DA5F1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: nghttp2-1.39.2-1.fc29", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "This package contains the HTTP/2 client, server and proxy programs. ", "modified": "2019-08-23T01:27:34", "published": "2019-08-23T01:27:34", "id": "FEDORA:5C191605F3A1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: nghttp2-1.39.2-1.fc30", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. ", "modified": "2019-09-04T04:07:11", "published": "2019-09-04T04:07:11", "id": "FEDORA:B122E605D6AD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: nginx-1.16.1-1.fc29", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9516", "CVE-2019-9517"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2019-08-30T14:21:13", "published": "2019-08-30T14:21:13", "id": "FEDORA:30C18641837A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: mod_http2-1.15.3-2.fc30", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "modified": "2020-02-23T01:09:36", "published": "2020-02-23T01:09:36", "id": "FEDORA:E5C91604A708", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: nodejs-10.19.0-1.fc30", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "**Issue Overview:**\n\nSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. ([CVE-2019-9511 __](<https://access.redhat.com/security/cve/CVE-2019-9511>))\n\nSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. ([CVE-2019-9513 __](<https://access.redhat.com/security/cve/CVE-2019-9513>))\n\nSome HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. ([CVE-2019-9516 __](<https://access.redhat.com/security/cve/CVE-2019-9516>))\n\n \n**Affected Packages:** \n\n\nnginx\n\n \n**Issue Correction:** \nRun _yum update nginx_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nginx-mod-stream-1.16.1-1.37.amzn1.i686 \n nginx-all-modules-1.16.1-1.37.amzn1.i686 \n nginx-mod-http-xslt-filter-1.16.1-1.37.amzn1.i686 \n nginx-mod-http-image-filter-1.16.1-1.37.amzn1.i686 \n nginx-1.16.1-1.37.amzn1.i686 \n nginx-mod-http-geoip-1.16.1-1.37.amzn1.i686 \n nginx-mod-mail-1.16.1-1.37.amzn1.i686 \n nginx-mod-http-perl-1.16.1-1.37.amzn1.i686 \n nginx-debuginfo-1.16.1-1.37.amzn1.i686 \n \n src: \n nginx-1.16.1-1.37.amzn1.src \n \n x86_64: \n nginx-mod-http-image-filter-1.16.1-1.37.amzn1.x86_64 \n nginx-mod-mail-1.16.1-1.37.amzn1.x86_64 \n nginx-mod-stream-1.16.1-1.37.amzn1.x86_64 \n nginx-debuginfo-1.16.1-1.37.amzn1.x86_64 \n nginx-1.16.1-1.37.amzn1.x86_64 \n nginx-mod-http-perl-1.16.1-1.37.amzn1.x86_64 \n nginx-mod-http-geoip-1.16.1-1.37.amzn1.x86_64 \n nginx-all-modules-1.16.1-1.37.amzn1.x86_64 \n nginx-mod-http-xslt-filter-1.16.1-1.37.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-09-30T21:06:00", "published": "2019-09-30T21:06:00", "id": "ALAS-2019-1299", "href": "https://alas.aws.amazon.com/ALAS-2019-1299.html", "title": "Important: nginx", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "**Issue Overview:**\n\nSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. ([CVE-2019-9511 __](<https://access.redhat.com/security/cve/CVE-2019-9511>))\n\nSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. ([CVE-2019-9513 __](<https://access.redhat.com/security/cve/CVE-2019-9513>))\n\n \n**Affected Packages:** \n\n\nnghttp2\n\n \n**Issue Correction:** \nRun _yum update nghttp2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n libnghttp2-devel-1.31.1-2.5.amzn1.i686 \n nghttp2-debuginfo-1.31.1-2.5.amzn1.i686 \n nghttp2-1.31.1-2.5.amzn1.i686 \n libnghttp2-1.31.1-2.5.amzn1.i686 \n \n src: \n nghttp2-1.31.1-2.5.amzn1.src \n \n x86_64: \n nghttp2-1.31.1-2.5.amzn1.x86_64 \n libnghttp2-1.31.1-2.5.amzn1.x86_64 \n libnghttp2-devel-1.31.1-2.5.amzn1.x86_64 \n nghttp2-debuginfo-1.31.1-2.5.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-09-30T21:03:00", "published": "2019-09-30T21:03:00", "id": "ALAS-2019-1298", "href": "https://alas.aws.amazon.com/ALAS-2019-1298.html", "title": "Important: nghttp2", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:36:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "**Issue Overview:**\n\nSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.([CVE-2019-9511 __](<https://access.redhat.com/security/cve/CVE-2019-9511>))\n\nSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.([CVE-2019-9513 __](<https://access.redhat.com/security/cve/CVE-2019-9513>))\n\n \n**Affected Packages:** \n\n\nnghttp2\n\n \n**Issue Correction:** \nRun _yum update nghttp2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n nghttp2-1.39.2-1.amzn2.aarch64 \n libnghttp2-1.39.2-1.amzn2.aarch64 \n libnghttp2-devel-1.39.2-1.amzn2.aarch64 \n nghttp2-debuginfo-1.39.2-1.amzn2.aarch64 \n \n i686: \n nghttp2-1.39.2-1.amzn2.i686 \n libnghttp2-1.39.2-1.amzn2.i686 \n libnghttp2-devel-1.39.2-1.amzn2.i686 \n nghttp2-debuginfo-1.39.2-1.amzn2.i686 \n \n src: \n nghttp2-1.39.2-1.amzn2.src \n \n x86_64: \n nghttp2-1.39.2-1.amzn2.x86_64 \n libnghttp2-1.39.2-1.amzn2.x86_64 \n libnghttp2-devel-1.39.2-1.amzn2.x86_64 \n nghttp2-debuginfo-1.39.2-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-10-08T21:43:00", "published": "2019-10-08T21:43:00", "id": "ALAS2-2019-1298", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1298.html", "title": "Important: nghttp2", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9516"], "description": "**Issue Overview:**\n\nSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.([CVE-2019-9511 __](<https://access.redhat.com/security/cve/CVE-2019-9511>))\n\nSome HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.([CVE-2019-9516 __](<https://access.redhat.com/security/cve/CVE-2019-9516>))\n\nSome HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.([CVE-2019-9517 __](<https://access.redhat.com/security/cve/CVE-2019-9517>))\n\n \n**Affected Packages:** \n\n\nmod_http2\n\n \n**Issue Correction:** \nRun _yum update mod_http2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n mod_http2-1.15.3-2.amzn2.aarch64 \n mod_http2-debuginfo-1.15.3-2.amzn2.aarch64 \n \n i686: \n mod_http2-1.15.3-2.amzn2.i686 \n mod_http2-debuginfo-1.15.3-2.amzn2.i686 \n \n src: \n mod_http2-1.15.3-2.amzn2.src \n \n x86_64: \n mod_http2-1.15.3-2.amzn2.x86_64 \n mod_http2-debuginfo-1.15.3-2.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-10-28T17:43:00", "published": "2019-10-28T17:43:00", "id": "ALAS2-2019-1342", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1342.html", "title": "Important: mod_http2", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-08-24T11:39:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "\nNGINX Team reports:\n\nSeveral security issues were identified in nginx HTTP/2\n\t implementation which might cause excessive memory consumption\n\t and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).\n\t The issues affect nginx compiled with the ngx_http_v2_module (not\n\t compiled by default) if the http2 option of the listen directive\n\t is used in a configuration file.\n\n", "edition": 3, "modified": "2019-08-14T00:00:00", "published": "2019-08-13T00:00:00", "id": "87679FCB-BE60-11E9-9051-4C72B94353B5", "href": "https://vuxml.freebsd.org/freebsd/87679fcb-be60-11e9-9051-4c72b94353b5.html", "title": "NGINX -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-24T11:39:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "\nnghttp2 GitHub releases:\n\nThis release fixes CVE-2019-9511 \"Data Dribble\" and CVE-2019-9513\n\t \"Resource Loop\" vulnerability in nghttpx and nghttpd. Specially crafted\n\t HTTP/2 frames cause Denial of Service by consuming CPU time. Check out\n\t https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\n\t for details. For nghttpx, additionally limiting inbound traffic by\n\t --read-rate and --read-burst options is quite effective against this\n\t kind of attack.\nCVE-2019-9511 \"Data Dribble\": The attacker requests a large amount of\n\t data from a specified resource over multiple streams. They manipulate\n\t window size and stream priority to force the server to queue the data in\n\t 1-byte chunks. Depending on how efficiently this data is queued, this\n\t can consume excess CPU, memory, or both, potentially leading to a\n\t denial of service.\nCVE-2019-9513 \"Ping Flood\": The attacker sends continual pings to an\n\t HTTP/2 peer, causing the peer to build an internal queue of responses.\n\t Depending on how efficiently this data is queued, this can consume\n\t excess CPU, memory, or both, potentially leading to a denial of service.\n\n", "edition": 2, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "121FEC01-C042-11E9-A73F-B36F5969F162", "href": "https://vuxml.freebsd.org/freebsd/121fec01-c042-11e9-a73f-b36f5969f162.html", "title": "nghttp2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:59:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4505-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 22, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n\nThree vulnerabilities were discovered in the HTTP/2 code of Nginx, a\nhigh-performance web and reverse proxy server, which could result in\ndenial of service.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1.\n\nWe recommend that you upgrade your nginx packages.\n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2019-08-22T19:38:40", "published": "2019-08-22T19:38:40", "id": "DEBIAN:DSA-4505-1:2F1F2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00153.html", "title": "[SECURITY] [DSA 4505-1] nginx security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T01:10:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4511-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 01, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nghttp2\nCVE ID : CVE-2019-9511 CVE-2019-9513\n\nTwo vulnerabilities were discovered in the HTTP/2 code of the nghttp2\nHTTP server, which could result in denial of service.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.18.1-1+deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.36.0-2+deb10u1.\n\nWe recommend that you upgrade your nghttp2 packages.\n\nFor the detailed security status of nghttp2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nghttp2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2019-09-01T21:08:24", "published": "2019-09-01T21:08:24", "id": "DEBIAN:DSA-4511-1:15C61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00159.html", "title": "[SECURITY] [DSA 4511-1] nghttp2 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:51:59", "description": "Jonathan Looney discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to\nconsume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-20T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : nginx vulnerabilities (USN-4099-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nginx-core", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:nginx-extras", "cpe:/o:canonical:ubuntu_linux:19.04", "p-cpe:/a:canonical:ubuntu_linux:nginx-common", "p-cpe:/a:canonical:ubuntu_linux:nginx-full", "p-cpe:/a:canonical:ubuntu_linux:nginx-light"], "id": "UBUNTU_USN-4099-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4099-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128024);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"USN\", value:\"4099-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : nginx vulnerabilities (USN-4099-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Looney discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to\nconsume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4099-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-common\", pkgver:\"1.10.3-0ubuntu0.16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-core\", pkgver:\"1.10.3-0ubuntu0.16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-extras\", pkgver:\"1.10.3-0ubuntu0.16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-full\", pkgver:\"1.10.3-0ubuntu0.16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-light\", pkgver:\"1.10.3-0ubuntu0.16.04.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-common\", pkgver:\"1.14.0-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-core\", pkgver:\"1.14.0-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-extras\", pkgver:\"1.14.0-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-full\", pkgver:\"1.14.0-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-light\", pkgver:\"1.14.0-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"nginx-common\", pkgver:\"1.15.9-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"nginx-core\", pkgver:\"1.15.9-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"nginx-extras\", pkgver:\"1.15.9-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"nginx-full\", pkgver:\"1.15.9-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"nginx-light\", pkgver:\"1.15.9-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx-common / nginx-core / nginx-extras / nginx-full / nginx-light\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:49:02", "description": "This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed a denial of service by manipulating\n the window size and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by\n resource loops (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by\n header leaks (bsc#1145582).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-10-07T00:00:00", "title": "openSUSE Security Update : nginx (openSUSE-2019-2264) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2019-10-07T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:nginx-debuginfo", "p-cpe:/a:novell:opensuse:vim-plugin-nginx", "p-cpe:/a:novell:opensuse:nginx-debugsource", "p-cpe:/a:novell:opensuse:nginx"], "id": "OPENSUSE-2019-2264.NASL", "href": "https://www.tenable.com/plugins/nessus/129667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2264.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129667);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n\n script_name(english:\"openSUSE Security Update : nginx (openSUSE-2019-2264) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Check for the openSUSE-2019-2264 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed a denial of service by manipulating\n the window size and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by\n resource loops (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by\n header leaks (bsc#1145582).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145582\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nginx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-plugin-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-1.14.2-lp150.2.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-debuginfo-1.14.2-lp150.2.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-debugsource-1.14.2-lp150.2.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"vim-plugin-nginx-1.14.2-lp150.2.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo / nginx-debugsource / vim-plugin-nginx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:20:07", "description": "This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed a denial of service by manipulating the window\nsize and stream prioritization (bsc#1145579).\n\nCVE-2019-9513: Fixed a denial of service caused by resource loops\n(bsc#1145580).\n\nCVE-2019-9516: Fixed a denial of service caused by header leaks\n(bsc#1145582).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-10-07T00:00:00", "title": "SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2559-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nginx", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:nginx-debugsource", "p-cpe:/a:novell:suse_linux:nginx-debuginfo"], "id": "SUSE_SU-2019-2559-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2559-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129675);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n\n script_name(english:\"SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2559-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed a denial of service by manipulating the window\nsize and stream prioritization (bsc#1145579).\n\nCVE-2019-9513: Fixed a denial of service caused by resource loops\n(bsc#1145580).\n\nCVE-2019-9516: Fixed a denial of service caused by header leaks\n(bsc#1145582).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9513/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9516/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192559-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4473d146\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-2559=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2559=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-1.14.2-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-debuginfo-1.14.2-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-debugsource-1.14.2-3.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T04:46:42", "description": "From Red Hat Security Advisory 2019:2799 :\n\nAn update for the nginx:1.14 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3\n(Post Office Protocol 3) and IMAP protocols, with a focus on high\nconcurrency, performance and low memory usage.\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-20T00:00:00", "title": "Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nginx", "p-cpe:/a:oracle:linux:nginx-mod-http-perl", "p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:nginx-mod-mail", "p-cpe:/a:oracle:linux:nginx-mod-stream", "p-cpe:/a:oracle:linux:nginx-mod-http-image-filter", "p-cpe:/a:oracle:linux:nginx-all-modules", "p-cpe:/a:oracle:linux:nginx-filesystem"], "id": "ORACLELINUX_ELSA-2019-2799.NASL", "href": "https://www.tenable.com/plugins/nessus/129087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2799 and \n# Oracle Linux Security Advisory ELSA-2019-2799 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129087);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"RHSA\", value:\"2019:2799\");\n\n script_name(english:\"Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2799 :\n\nAn update for the nginx:1.14 module is now available for Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNginx is a web server and a reverse proxy server for HTTP, SMTP, POP3\n(Post Office Protocol 3) and IMAP protocols, with a focus on high\nconcurrency, performance and low memory usage.\n\nSecurity Fix(es) :\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-September/009184.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nginx:1.14 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-all-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-image-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-all-modules-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-filesystem-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-mod-http-image-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-mod-http-perl-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-mod-http-xslt-filter-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-mod-mail-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"nginx-mod-stream-1.14.1-9.0.1.module+el8.0.0+5347+9282027e\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-all-modules / nginx-filesystem / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T09:06:56", "description": "According to the versions of the nginx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Some HTTP/2 implementations are vulnerable to window\n size manipulation and stream prioritization\n manipulation, potentially leading to a denial of\n service. The attacker requests a large amount of data\n from a specified resource over multiple streams. They\n manipulate window size and stream priority to force the\n server to queue the data in 1-byte chunks. Depending on\n how efficiently this data is queued, this can consume\n excess CPU, memory, or both.(CVE-2019-9511)\n\n - Some HTTP/2 implementations are vulnerable to resource\n loops, potentially leading to a denial of service. The\n attacker creates multiple request streams and\n continually shuffles the priority of the streams in a\n way that causes substantial churn to the priority tree.\n This can consume excess CPU.(CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a header\n leak, potentially leading to a denial of service. The\n attacker sends a stream of headers with a 0-length\n header name and 0-length header value, optionally\n Huffman encoded into 1-byte or greater headers. Some\n implementations allocate memory for these headers and\n keep the allocation alive until the session dies. This\n can consume excess memory.(CVE-2019-9516)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nginx", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2372.NASL", "href": "https://www.tenable.com/plugins/nessus/142242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142242);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nginx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Some HTTP/2 implementations are vulnerable to window\n size manipulation and stream prioritization\n manipulation, potentially leading to a denial of\n service. The attacker requests a large amount of data\n from a specified resource over multiple streams. They\n manipulate window size and stream priority to force the\n server to queue the data in 1-byte chunks. Depending on\n how efficiently this data is queued, this can consume\n excess CPU, memory, or both.(CVE-2019-9511)\n\n - Some HTTP/2 implementations are vulnerable to resource\n loops, potentially leading to a denial of service. The\n attacker creates multiple request streams and\n continually shuffles the priority of the streams in a\n way that causes substantial churn to the priority tree.\n This can consume excess CPU.(CVE-2019-9513)\n\n - Some HTTP/2 implementations are vulnerable to a header\n leak, potentially leading to a denial of service. The\n attacker sends a stream of headers with a 0-length\n header name and 0-length header value, optionally\n Huffman encoded into 1-byte or greater headers. Some\n implementations allocate memory for these headers and\n keep the allocation alive until the session dies. This\n can consume excess memory.(CVE-2019-9516)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2372\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a1939b0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nginx packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nginx-1.13.3-1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:20:25", "description": "Some HTTP/2 implementations are vulnerable to window size manipulation\nand stream prioritization manipulation, potentially leading to a\ndenial of service. The attacker requests a large amount of data from a\nspecified resource over multiple streams. They manipulate window size\nand stream priority to force the server to queue the data in 1-byte\nchunks. Depending on how efficiently this data is queued, this can\nconsume excess CPU, memory, or both. (CVE-2019-9511)\n\nSome HTTP/2 implementations are vulnerable to resource loops,\npotentially leading to a denial of service. The attacker creates\nmultiple request streams and continually shuffles the priority of the\nstreams in a way that causes substantial churn to the priority tree.\nThis can consume excess CPU. (CVE-2019-9513)\n\nSome HTTP/2 implementations are vulnerable to a header leak,\npotentially leading to a denial of service. The attacker sends a\nstream of headers with a 0-length header name and 0-length header\nvalue, optionally Huffman encoded into 1-byte or greater headers. Some\nimplementations allocate memory for these headers and keep the\nallocation alive until the session dies. This can consume excess\nmemory. (CVE-2019-9516)", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-10-04T00:00:00", "title": "Amazon Linux AMI : nginx (ALAS-2019-1299) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nginx-all-modules", "p-cpe:/a:amazon:linux:nginx-mod-http-perl", "p-cpe:/a:amazon:linux:nginx-mod-mail", "p-cpe:/a:amazon:linux:nginx-mod-stream", "p-cpe:/a:amazon:linux:nginx", "p-cpe:/a:amazon:linux:nginx-debuginfo", "p-cpe:/a:amazon:linux:nginx-mod-http-image-filter", "p-cpe:/a:amazon:linux:nginx-mod-http-xslt-filter", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:nginx-mod-http-geoip"], "id": "ALA_ALAS-2019-1299.NASL", "href": "https://www.tenable.com/plugins/nessus/129569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1299.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129569);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"ALAS\", value:\"2019-1299\");\n\n script_name(english:\"Amazon Linux AMI : nginx (ALAS-2019-1299) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some HTTP/2 implementations are vulnerable to window size manipulation\nand stream prioritization manipulation, potentially leading to a\ndenial of service. The attacker requests a large amount of data from a\nspecified resource over multiple streams. They manipulate window size\nand stream priority to force the server to queue the data in 1-byte\nchunks. Depending on how efficiently this data is queued, this can\nconsume excess CPU, memory, or both. (CVE-2019-9511)\n\nSome HTTP/2 implementations are vulnerable to resource loops,\npotentially leading to a denial of service. The attacker creates\nmultiple request streams and continually shuffles the priority of the\nstreams in a way that causes substantial churn to the priority tree.\nThis can consume excess CPU. (CVE-2019-9513)\n\nSome HTTP/2 implementations are vulnerable to a header leak,\npotentially leading to a denial of service. The attacker sends a\nstream of headers with a 0-length header name and 0-length header\nvalue, optionally Huffman encoded into 1-byte or greater headers. Some\nimplementations allocate memory for these headers and keep the\nallocation alive until the session dies. This can consume excess\nmemory. (CVE-2019-9516)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1299.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nginx' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-all-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-http-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-http-image-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-http-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-http-xslt-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nginx-mod-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nginx-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-all-modules-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-debuginfo-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-http-geoip-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-http-image-filter-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-http-perl-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-http-xslt-filter-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-mail-1.16.1-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nginx-mod-stream-1.16.1-1.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-all-modules / nginx-debuginfo / nginx-mod-http-geoip / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:51:29", "description": "Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a\nhigh-performance web and reverse proxy server, which could result in\ndenial of service.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-23T00:00:00", "title": "Debian DSA-4505-1 : nginx - security update (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:nginx", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4505.NASL", "href": "https://www.tenable.com/plugins/nessus/128083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4505. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128083);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"DSA\", value:\"4505\");\n\n script_name(english:\"Debian DSA-4505-1 : nginx - security update (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a\nhigh-performance web and reverse proxy server, which could result in\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4505\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nginx packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 1.10.3-1+deb9u3.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 1.14.2-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-auth-pam\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-cache-purge\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-dav-ext\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-echo\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-fancyindex\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-geoip\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-headers-more-filter\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-image-filter\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-lua\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-ndk\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-perl\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-subs-filter\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-uploadprogress\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-upstream-fair\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-http-xslt-filter\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-mail\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-nchan\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-rtmp\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libnginx-mod-stream\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx-common\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx-doc\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx-extras\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx-full\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nginx-light\", reference:\"1.14.2-2+deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-auth-pam\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-cache-purge\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-dav-ext\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-echo\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-fancyindex\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-geoip\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-headers-more-filter\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-image-filter\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-lua\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-ndk\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-perl\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-subs-filter\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-uploadprogress\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-upstream-fair\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-xslt-filter\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-mail\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-nchan\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-stream\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-common\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-doc\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-extras\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-full\", reference:\"1.10.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-light\", reference:\"1.10.3-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T02:27:24", "description": "Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-22T00:00:00", "title": "Fedora 30 : 1:nginx (2019-befd924cfe) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:1:nginx"], "id": "FEDORA_2019-BEFD924CFE.NASL", "href": "https://www.tenable.com/plugins/nessus/128067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-befd924cfe.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128067);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_xref(name:\"FEDORA\", value:\"2019-befd924cfe\");\n\n script_name(english:\"Fedora 30 : 1:nginx (2019-befd924cfe) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2019-9511, CVE-2019-9513, CVE-2019-9516\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-befd924cfe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"nginx-1.16.1-1.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T02:42:14", "description": "NGINX Team reports :\n\nSeveral security issues were identified in nginx HTTP/2 implementation\nwhich might cause excessive memory consumption and CPU usage\n(CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx\ncompiled with the ngx_http_v2_module (not compiled by default) if the\nhttp2 option of the listen directive is used in a configuration file.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-20T00:00:00", "title": "FreeBSD : NGINX -- Multiple vulnerabilities (87679fcb-be60-11e9-9051-4c72b94353b5) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nginx-devel", "p-cpe:/a:freebsd:freebsd:nginx"], "id": "FREEBSD_PKG_87679FCBBE6011E990514C72B94353B5.NASL", "href": "https://www.tenable.com/plugins/nessus/127950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127950);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n\n script_name(english:\"FreeBSD : NGINX -- Multiple vulnerabilities (87679fcb-be60-11e9-9051-4c72b94353b5) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NGINX Team reports :\n\nSeveral security issues were identified in nginx HTTP/2 implementation\nwhich might cause excessive memory consumption and CPU usage\n(CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx\ncompiled with the ngx_http_v2_module (not compiled by default) if the\nhttp2 option of the listen directive is used in a configuration file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://nginx.org/en/security_advisories.html\"\n );\n # https://vuxml.freebsd.org/freebsd/87679fcb-be60-11e9-9051-4c72b94353b5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99dc3f33\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx<1.16.1,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel<1.17.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-27T03:07:02", "description": "According to its Server response header, the installed version of nginx is 1.9.5 prior to 1.16.1 or 1.17.x prior to\n1.17.3. It is, therefore, affected by multiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by manipulating the window size and stream\n priority of a large data request, to cause a denial of service condition. (CVE-2019-9511)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by creating multiple request streams and\n continually shuffling the priority of the streams, to cause a denial of service condition. (CVE-2019-9513)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by sending a stream of headers with a zero length\n header name and zero length header value, to cause a denial of service condition. (CVE-2019-9516)", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-16T00:00:00", "title": "nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2019-08-16T00:00:00", "cpe": ["cpe:/a:igor_sysoev:nginx"], "id": "NGINX_1_17_3.NASL", "href": "https://www.tenable.com/plugins/nessus/127907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127907);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n\n script_name(english:\"nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its Server response header, the installed version of nginx is 1.9.5 prior to 1.16.1 or 1.17.x prior to\n1.17.3. It is, therefore, affected by multiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by manipulating the window size and stream\n priority of a large data request, to cause a denial of service condition. (CVE-2019-9511)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by creating multiple request streams and\n continually shuffling the priority of the streams, to cause a denial of service condition. (CVE-2019-9513)\n\n - A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional\n conditions. An unauthenticated, remote attacker can exploit this, by sending a stream of headers with a zero length\n header name and zero length header value, to cause a denial of service condition. (CVE-2019-9516)\");\n # https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b562be58\");\n # https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ca4073f\");\n # http://nginx.org/en/security_advisories.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98fc786c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to nginx version 1.16.1 / 1.17.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9511\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:igor_sysoev:nginx\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_detect.nasl\", \"nginx_nix_installed.nbin\");\n script_require_keys(\"installed_sw/nginx\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nappname = 'nginx';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:appname);\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\n# If the detection is only remote, Detection Method won't be set, and we should require paranoia\nif (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n {'min_version' : '1.9.5', 'fixed_version' : '1.16.0', 'fixed_display' : '1.16.1 / 1.17.3'},\n {'min_version' : '1.16.0', 'fixed_version' : '1.16.1'},\n {'min_version' : '1.17.0', 'fixed_version' : '1.17.3'}\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2020-11-10T10:21:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-19T07:34:11", "published": "2019-09-17T12:45:10", "id": "RHSA-2019:2799", "href": "https://access.redhat.com/errata/RHSA-2019:2799", "type": "redhat", "title": "(RHSA-2019:2799) Important: nginx:1.14 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-12T14:48:14", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-12T15:41:34", "published": "2019-09-12T15:28:52", "id": "RHSA-2019:2745", "href": "https://access.redhat.com/errata/RHSA-2019:2745", "type": "redhat", "title": "(RHSA-2019:2745) Important: rh-nginx110-nginx security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-12T14:47:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-12T15:52:39", "published": "2019-09-12T15:30:03", "id": "RHSA-2019:2746", "href": "https://access.redhat.com/errata/RHSA-2019:2746", "type": "redhat", "title": "(RHSA-2019:2746) Important: rh-nginx112-nginx security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-08T05:41:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked in the References section.\n\nSecurity Fix(es):\n\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nBug Fix(es):\n\n* nghttp2: Rebase to 1.39.2\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-05-08T09:15:30", "published": "2019-10-01T14:18:36", "id": "RHSA-2019:2946", "href": "https://access.redhat.com/errata/RHSA-2019:2946", "type": "redhat", "title": "(RHSA-2019:2946) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-10-03T20:25:36", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9516"], "description": "Quay 3.1.1 errata release, including:\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special characters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date", "modified": "2019-10-03T22:55:54", "published": "2019-10-03T22:55:15", "id": "RHSA-2019:2966", "href": "https://access.redhat.com/errata/RHSA-2019:2966", "type": "redhat", "title": "(RHSA-2019:2966) Important: Red Hat Quay v3.1.1 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-10-14T17:31:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the OpenShift Service Mesh 1.0.1 release.\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-14T20:51:06", "published": "2019-10-14T20:45:27", "id": "RHSA-2019:3041", "href": "https://access.redhat.com/errata/RHSA-2019:3041", "type": "redhat", "title": "(RHSA-2019:3041) Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-09T20:48:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-09T23:23:42", "published": "2019-09-09T22:39:39", "id": "RHSA-2019:2692", "href": "https://access.redhat.com/errata/RHSA-2019:2692", "type": "redhat", "title": "(RHSA-2019:2692) Important: nghttp2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-10-01T12:32:59", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9517"], "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-01T15:44:30", "published": "2019-10-01T15:23:22", "id": "RHSA-2019:2949", "href": "https://access.redhat.com/errata/RHSA-2019:2949", "type": "redhat", "title": "(RHSA-2019:2949) Important: httpd24-httpd and httpd24-nghttp2 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "hackerone": [{"lastseen": "2020-02-06T20:36:56", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "## Summary:\nI found a version disclosure (Nginx) in your web server's HTTP response.\n\n***Extracted Version:*** 1.16.1\n\nThis information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx.\n\n## Steps To Reproduce:\n\n***Checkout the URL:** https://localizestaging.com/\n\nCheckout the header response:\n\nHTTP/1.1 200 OK\nContent-Type: text/html; charset=utf-8\nConnection: close\nDate: Sun, 26 Jan 2020 21:37:55 GMT\nServer: nginx/1.16.1\nVary: Accept-Encoding\nX-DNS-Prefetch-Control: off\nX-Content-Type-Options: nosniff\nX-XSS-Protection: 1; mode=block\nContent-Security-Policy: object-src 'none'; base-uri https://localizestaging.com; frame-ancestors https://localize.live\nETag: W/\"883d-dUYoyQDdg3V8h1QICXD3rs4\"\nX-Cache: Miss from cloudfront\nVia: 1.1 5157dedfe33ef5a309f236599901abe3.cloudfront.net (CloudFront)\nX-Amz-Cf-Pop: SIN52-C3\nX-Amz-Cf-Id: \nContent-Length: 34877\n\nPoC : F696981: Server Disclosure .jpg \n\n## Supporting Material/References:\n***Number of vulnerabilities:*** 3\n***CVE IDs:*** \t\n1. CVE-2019-9511\n2. CVE-2019-9513\n3. CVE-2019-9516\n\n##1) Resource exhaustion\nSeverity: Medium\nCVE-ID: CVE-2019-9511\nCWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')\n***Description***\nThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.\nThe vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.\nSuccessful exploitation of the vulnerability requires that support for HTTP/2 is enabled.\n***Mitigation***\nInstall updates from vendor's website.\n\n##2) Resource exhaustion\nSeverity: Medium\nCVE-ID: CVE-2019-9513\nCWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')\n***Description***\nThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.\n\nThe vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.\nSuccessful exploitation of the vulnerability requires that support for HTTP/2 is enabled.\n***Mitigation***\nInstall updates from vendor's website.\n\n##3) Resource exhaustion\nSeverity: Medium\nCVE-ID: CVE-2019-9516\n\nCWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')\n***Description***\nThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.\n\nThe vulnerability exists due to improper input validation when processing HTTP/2 requests within the ngx_http_v2_module module. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.\nSuccessful exploitation of the vulnerability requires that support for HTTP/2 is enabled.\n***Mitigation***\nInstall updates from vendor's website.\n\n***More details:*** https://www.cybersecurity-help.cz/vdb/SB2019081323\n\n## Impact\n\nAn attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.\n\nAdd the following line to your nginx.conf file to prevent information leakage from the SERVER header of its HTTP response:\n\n```server_tokens off```", "modified": "2020-02-06T20:07:24", "published": "2020-01-26T21:54:31", "id": "H1:783852", "href": "https://hackerone.com/reports/783852", "type": "hackerone", "title": "Localize: Nginx version is disclosed in HTTP response", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-01-31T16:54:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-10-07T00:00:00", "id": "OPENVAS:1361412562310852731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852731", "type": "openvas", "title": "openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2264-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852731\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-07 02:01:27 +0000 (Mon, 07 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2264-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2264-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the openSUSE-SU-2019:2264-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nginx fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size\n and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by resource loops\n (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by header leaks\n (bsc#1145582).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2264=1\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.14.2~lp150.2.11.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.14.2~lp150.2.11.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debugsource\", rpm:\"nginx-debugsource~1.14.2~lp150.2.11.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vim-plugin-nginx\", rpm:\"vim-plugin-nginx~1.14.2~lp150.2.11.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-26T12:49:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "The remote host is missing an update for the ", "modified": "2019-08-24T00:00:00", "published": "2019-08-24T00:00:00", "id": "OPENVAS:1361412562310704505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704505", "type": "openvas", "title": "Debian Security Advisory DSA 4505-1 (nginx - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704505\");\n script_version(\"2019-08-24T02:00:13+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-24 02:00:13 +0000 (Sat, 24 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-24 02:00:13 +0000 (Sat, 24 Aug 2019)\");\n script_name(\"Debian Security Advisory DSA 4505-1 (nginx - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4505.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4505-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the DSA-4505-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a\nhigh-performance web and reverse proxy server, which could result in\ndenial of service.\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1.\n\nWe recommend that you upgrade your nginx packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-auth-pam\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-cache-purge\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-dav-ext\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-echo\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-fancyindex\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-geoip\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-headers-more-filter\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-image-filter\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-lua\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-ndk\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-perl\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-subs-filter\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-uploadprogress\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-upstream-fair\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-xslt-filter\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-mail\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-nchan\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-rtmp\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-stream\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.14.2-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-auth-pam\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-cache-purge\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-dav-ext\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-echo\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-fancyindex\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-geoip\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-headers-more-filter\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-image-filter\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-lua\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-ndk\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-perl\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-subs-filter\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-uploadprogress\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-upstream-fair\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-xslt-filter\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-mail\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-nchan\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-stream\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-27T12:41:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "nginx is prone to multiple denial of service vulnerabilities in the HTTP/2\n implementation.", "modified": "2019-08-27T00:00:00", "published": "2019-08-27T00:00:00", "id": "OPENVAS:1361412562310142802", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142802", "type": "openvas", "title": "nginx HTTP/2 Multiple Vulnerablilities", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:nginx:nginx\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142802\");\n script_version(\"2019-08-27T05:04:04+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-27 05:04:04 +0000 (Tue, 27 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-27 04:48:10 +0000 (Tue, 27 Aug 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"nginx HTTP/2 Multiple Vulnerablilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"nginx_detect.nasl\");\n script_mandatory_keys(\"nginx/installed\");\n\n script_tag(name:\"summary\", value:\"nginx is prone to multiple denial of service vulnerabilities in the HTTP/2\n implementation.\");\n\n script_tag(name:\"insight\", value:\"Several security issues were identified in nginx HTTP/2 implementation, which\n might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"nginx versions 1.9.5 - 1.17.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.16.1, 1.17.3 or later.\");\n\n script_xref(name:\"URL\", value:\"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"1.9.5\", test_version2: \"1.16.0\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.16.1\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"1.17\", test_version2: \"1.17.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"1.17.3\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-28T14:47:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "The remote host is missing an update for the ", "modified": "2019-08-27T00:00:00", "published": "2019-08-16T00:00:00", "id": "OPENVAS:1361412562310844139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844139", "type": "openvas", "title": "Ubuntu Update for nginx USN-4099-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844139\");\n script_version(\"2019-08-27T07:56:59+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-27 07:56:59 +0000 (Tue, 27 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-16 02:00:40 +0000 (Fri, 16 Aug 2019)\");\n script_name(\"Ubuntu Update for nginx USN-4099-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4099-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-4099-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the USN-4099-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jonathan Looney discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to consume\nresources, leading to a denial of service.\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.14.0-0ubuntu1.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.14.0-0ubuntu1.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.14.0-0ubuntu1.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.14.0-0ubuntu1.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.14.0-0ubuntu1.4\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.15.9-0ubuntu1.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.15.9-0ubuntu1.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.15.9-0ubuntu1.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.15.9-0ubuntu1.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.15.9-0ubuntu1.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.10.3-0ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.10.3-0ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.3-0ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.3-0ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.3-0ubuntu0.16.04.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2018-16843", "CVE-2018-16844", "CVE-2019-9516"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192084", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192084", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2019-2084)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2084\");\n script_version(\"2020-01-23T12:33:49+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:33:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:33:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2019-2084)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2084\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2084\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nginx' package(s) announced via the EulerOS-SA-2019-2084 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16843)\n\nnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16844)\n\nSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.(CVE-2019-9513)\n\nSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.(CVE-2019-9511)\n\nSome HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.(CVE-2019-9516)\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-all-modules\", rpm:\"nginx-all-modules~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-filesystem\", rpm:\"nginx-filesystem~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-mod-http-image-filter\", rpm:\"nginx-mod-http-image-filter~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-mod-http-perl\", rpm:\"nginx-mod-http-perl~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-mod-http-xslt-filter\", rpm:\"nginx-mod-http-xslt-filter~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-mod-mail\", rpm:\"nginx-mod-mail~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-mod-stream\", rpm:\"nginx-mod-stream~1.12.1~14.h1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-04T14:53:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "The remote host is missing an update for the ", "modified": "2019-09-03T00:00:00", "published": "2019-09-03T00:00:00", "id": "OPENVAS:1361412562310704511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704511", "type": "openvas", "title": "Debian Security Advisory DSA 4511-1 (nghttp2 - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704511\");\n script_version(\"2019-09-03T02:00:09+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-03 02:00:09 +0000 (Tue, 03 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-03 02:00:09 +0000 (Tue, 03 Sep 2019)\");\n script_name(\"Debian Security Advisory DSA 4511-1 (nghttp2 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4511.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4511-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nghttp2'\n package(s) announced via the DSA-4511-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2\nHTTP server, which could result in denial of service.\");\n\n script_tag(name:\"affected\", value:\"'nghttp2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 1.18.1-1+deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.36.0-2+deb10u1.\n\nWe recommend that you upgrade your nghttp2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-14\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-dev\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-doc\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-client\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-proxy\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-server\", ver:\"1.18.1-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-14\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-dev\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnghttp2-doc\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-client\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-proxy\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nghttp2-server\", ver:\"1.36.0-2+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T16:30:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852933", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852933", "type": "openvas", "title": "openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2232-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852933\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:46:36 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2232-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2232-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nghttp2'\n package(s) announced via the openSUSE-SU-2019:2232-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nghttp2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\n resource loops, potentially leading to a denial of service (bsc#1146184).\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\n window size manipulation and stream prioritization manipulation,\n potentially leading to a denial of service (bsc#11461).\n\n Bug fixes and enhancements:\n\n - Fixed mistake in spec file (bsc#1125689)\n\n - Fixed build issue with boost 1.70.0 (bsc#1134616)\n\n - Feature: Add W&S module (FATE#326776, bsc#1112438)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2232=1\");\n\n script_tag(name:\"affected\", value:\"'nghttp2' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14\", rpm:\"libnghttp2-14~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-debuginfo\", rpm:\"libnghttp2-14-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-devel\", rpm:\"libnghttp2-devel~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio-devel\", rpm:\"libnghttp2_asio-devel~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1\", rpm:\"libnghttp2_asio1~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-debuginfo\", rpm:\"libnghttp2_asio1-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2\", rpm:\"nghttp2~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-debuginfo\", rpm:\"nghttp2-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-debugsource\", rpm:\"nghttp2-debugsource~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-python-debugsource\", rpm:\"nghttp2-python-debugsource~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-nghttp2\", rpm:\"python3-nghttp2~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-nghttp2-debuginfo\", rpm:\"python3-nghttp2-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-32bit\", rpm:\"libnghttp2-14-32bit~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-32bit-debuginfo\", rpm:\"libnghttp2-14-32bit-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-32bit\", rpm:\"libnghttp2_asio1-32bit~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-32bit-debuginfo\", rpm:\"libnghttp2_asio1-32bit-debuginfo~1.39.2~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-29T14:46:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "The remote host is missing an update for the\n ", "modified": "2019-08-29T00:00:00", "published": "2019-08-23T00:00:00", "id": "OPENVAS:1361412562310876712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876712", "type": "openvas", "title": "Fedora Update for nghttp2 FEDORA-2019-81985a8858", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876712\");\n script_version(\"2019-08-29T08:12:40+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-29 08:12:40 +0000 (Thu, 29 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-23 02:24:05 +0000 (Fri, 23 Aug 2019)\");\n script_name(\"Fedora Update for nghttp2 FEDORA-2019-81985a8858\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-81985a8858\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'nghttp2' package(s) announced via the FEDORA-2019-81985a8858 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the HTTP/2 client,\n server and proxy programs.\");\n\n script_tag(name:\"affected\", value:\"'nghttp2' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2\", rpm:\"nghttp2~1.39.2~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-31T16:47:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "The remote host is missing an update for the ", "modified": "2019-08-30T00:00:00", "published": "2019-08-29T00:00:00", "id": "OPENVAS:1361412562310876724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876724", "type": "openvas", "title": "Fedora Update for nghttp2 FEDORA-2019-8a437d5c2f", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876724\");\n script_version(\"2019-08-30T11:09:32+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-30 11:09:32 +0000 (Fri, 30 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-29 02:25:05 +0000 (Thu, 29 Aug 2019)\");\n script_name(\"Fedora Update for nghttp2 FEDORA-2019-8a437d5c2f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-8a437d5c2f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nghttp2'\n package(s) announced via the FEDORA-2019-8a437d5c2f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the HTTP/2 client, server and proxy programs.\");\n\n script_tag(name:\"affected\", value:\"'nghttp2' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2\", rpm:\"nghttp2~1.39.2~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T16:51:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9511", "CVE-2019-9513"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310852724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852724", "type": "openvas", "title": "openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2234-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852724\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-02 02:00:55 +0000 (Wed, 02 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for nghttp2 (openSUSE-SU-2019:2234-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2234-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nghttp2'\n package(s) announced via the openSUSE-SU-2019:2234-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nghttp2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to\n resource loops, potentially leading to a denial of service (bsc#1146184).\n\n - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to\n window size manipulation and stream prioritization manipulation,\n potentially leading to a denial of service (bsc#11461).\n\n Bug fixes and enhancements:\n\n - Fixed mistake in spec file (bsc#1125689)\n\n - Fixed build issue with boost 1.70.0 (bsc#1134616)\n\n - Feature: Add W&S module (FATE#326776, bsc#1112438)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2234=1\");\n\n script_tag(name:\"affected\", value:\"'nghttp2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14\", rpm:\"libnghttp2-14~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-debuginfo\", rpm:\"libnghttp2-14-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-devel\", rpm:\"libnghttp2-devel~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio-devel\", rpm:\"libnghttp2_asio-devel~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1\", rpm:\"libnghttp2_asio1~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-debuginfo\", rpm:\"libnghttp2_asio1-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2\", rpm:\"nghttp2~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-debuginfo\", rpm:\"nghttp2-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-debugsource\", rpm:\"nghttp2-debugsource~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nghttp2-python-debugsource\", rpm:\"nghttp2-python-debugsource~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-nghttp2\", rpm:\"python3-nghttp2~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-nghttp2-debuginfo\", rpm:\"python3-nghttp2-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-32bit\", rpm:\"libnghttp2-14-32bit~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2-14-32bit-debuginfo\", rpm:\"libnghttp2-14-32bit-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-32bit\", rpm:\"libnghttp2_asio1-32bit~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnghttp2_asio1-32bit-debuginfo\", rpm:\"libnghttp2_asio1-32bit-debuginfo~1.39.2~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2019-08-22T22:49:44", "bulletinFamily": "software", "cvelist": ["CVE-2019-9513"], "description": "### Description\n\nMicrosoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n * RFC 7540 HTTP/2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "SMNTC-109633", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109633", "type": "symantec", "title": "Microsoft Windows 'HTTP.sys' CVE-2019-9513 Denial of Service Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-08-22T22:49:38", "bulletinFamily": "software", "cvelist": ["CVE-2019-9511"], "description": "### Description\n\nMicrosoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n * RFC 7540 HTTP/2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "SMNTC-109625", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109625", "type": "symantec", "title": "Microsoft Windows 'HTTP.sys' CVE-2019-9511 Denial of Service Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-13T02:48:16", "bulletinFamily": "software", "cvelist": ["CVE-2017-7529", "CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "description": "**Summary**\n\nSymantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service by triggering Nginx to stream crafted MP4 files. \n** **\n\n**Affected Product(s)**\n\n**Content Analysis (CA)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2017-7529 | 2.3, 2.4 | Not available at this time \n3.0 | Not vulnerable, fixed in 3.0.1.1 \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2017-7529 | 3.10, 3.12 | Upgrade to later release with fixes. \n4.5 and later | Not vulnerable, fixed in 4.5.1.1 \n \n \n\n**Additional Product Information**\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway (ASG) \nAuthConnector \nBCAAA \nCacheFlow (CF) \nDirector \nGeneral Auth Connector Login Application \nHSM Agent for the Luna SP \nManagement Center (MC) \nProxySG \nReporter \nSecurity Analytics (SA) \nSymantec Messaging Gateway (SMG) \nUnified Agent \nWeb Isolation (WI) \nWSS Agent \nWSS Mobile Agent \nX-Series XOS \n \n**\n\n**Issue Details**\n\n**CVE-2017-7529** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References:** | NVD: [CVE-2017-7529](<https://nvd.nist.gov/vuln/detail/CVE-2017-7529> \"NVD - CVE-2017-7529\" ) \n**Impact:** | Information disclosure \n**Description:** | An integer overflow in the range filter module allows a remote attacker to send crafted requests and obtain sensitive information from the target process memory. \n \n \n\n**CVE-2018-16843** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2018-16843](<https://nvd.nist.gov/vuln/detail/CVE-2018-16843> \"NVD - CVE-2018-16843\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption. \n \n \n\n**CVE-2018-16844** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2018-16844](<https://nvd.nist.gov/vuln/detail/CVE-2018-16844> \"NVD - CVE-2018-16844\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption. \n \n \n\n**CVE-2018-16845** \n--- \n**Severity / CVSS v3.0:** | Medium / 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) \n**References:** | NVD: [CVE-2018-16845](<https://nvd.nist.gov/vuln/detail/CVE-2018-16845> \"NVD - CVE-2018-16845\" ) \n**Impact:** | Information disclosure, denial of service \n**Description:** | A flaw in the ngx_http_mp4_module allows an attacker to use a crafted MP4 file to obtain sensitive information from the target process memory. The attacker can also cause denial of service through an infinite loop. The attacker needs to trigger nginx to process/stream the crafted MP4 file. \n \n \n\n**CVE-2019-9511** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9511](<https://nvd.nist.gov/vuln/detail/CVE-2019-9511> \"NVD - CVE-2019-9511\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU or memory consumption. \n \n \n\n**CVE-2019-9513** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9513](<https://nvd.nist.gov/vuln/detail/CVE-2019-9513> \"NVD - CVE-2019-9513\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption. \n \n \n\n**CVE-2019-9516** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9516](<https://nvd.nist.gov/vuln/detail/CVE-2019-9516> \"NVD - CVE-2019-9516\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption. \n \n** \nRevisions**\n\n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-05-06 initial public release \n \n\n", "modified": "2021-01-13T01:05:18", "published": "2020-05-06T18:48:22", "id": "SMNTC-1760", "href": "", "type": "symantec", "title": "Nginx Vulnerabilities Jul 2017 - Oct 2019", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
