A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability.

References

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

nodejs.org/en/blog/vulnerability/aug-2019-security-releases/

nvd.nist.gov/vuln/detail/CVE-2019-9518

www.cve.org/CVERecord?id=CVE-2019-9518

ubuntucve 1

debiancve 1

f5 1

mscve 1

cve 2

osv 5

prion 1

symantec 1

veracode 1

alpinelinux 1

nessus 24

ibm 55

openvas 20

ubuntu 1

debian 1

apple 2

oraclelinux 3

altlinux 1

redhat 11

suse 2

cloudfoundry 1

fedora 3

thn 1

nodejsblog 1

fortinet 1

freebsd 1

myhack58 1

threatpost 1

almalinux 1

cert 1

rocky 1

mageia 1

mskb 7

kaspersky 1

talosblog 1

ubuntucve

CVE-2019-9518

2019-08-13 00:00:00

debiancve

CVE-2019-9518

2019-08-13 21:15:00

K46011592 : HTTP/2 Empty Frames Flood vulnerability CVE-2019-9518

2019-08-20 00:00:00

mscve

HTTP/2 Server Denial of Service Vulnerability

2019-08-13 07:00:00

cve

CVE-2019-9518

2019-08-13 21:15:00

CVE-2019-14992

2019-08-13 18:15:00

osv

CVE-2019-9518

2019-08-13 21:15:13

netty vulnerabilities

2021-06-29 19:18:08

trafficserver - security update

2019-09-09 00:00:00

prion

Design/Logic Flaw

2019-08-13 21:15:00

symantec

Microsoft Windows 'HTTP.sys' CVE-2019-9518 Denial of Service Vulnerability

2019-08-13 00:00:00

veracode

Denial Of Service (DoS)

2019-10-01 00:17:28

alpinelinux

CVE-2019-9518

2019-08-13 21:15:00

nessus

Ubuntu 18.04 ESM : Netty vulnerabilities (USN-4866-1)

2023-10-16 00:00:00

Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)

2019-09-10 00:00:00

Jetty < 9.4.21 Multiple Vulnerabilities

2021-10-04 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in netty affect IBM Operations Analytics Predictive Insights (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)

2020-02-28 17:05:23

Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager

2020-03-31 22:16:20

Security Bulletin: Netty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)

2022-02-22 20:10:14

openvas

Ubuntu: Security Advisory (USN-4866-1)

2023-01-27 00:00:00

Debian: Security Advisory (DSA-4520-1)

2019-09-11 00:00:00

Fedora Update for nodejs FEDORA-2019-6a2980de56

2019-08-27 00:00:00

ubuntu

Netty vulnerabilities

2021-06-29 00:00:00

debian

[SECURITY] [DSA 4520-1] trafficserver security update

2019-09-09 20:44:25

apple

About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support

2019-08-13 06:09:21

About the security content of SwiftNIO HTTP/2 1.5.0

2019-08-13 00:00:00

oraclelinux

nodejs:10 security update

2020-04-15 00:00:00

nodejs:10 security update

2020-02-26 00:00:00

nodejs:10 security update

2019-09-30 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 10.16.3-alt1

2019-08-30 00:00:00

redhat

(RHSA-2019:4352) Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update

2019-12-19 17:16:33

(RHSA-2019:2955) Important: rh-nodejs8-nodejs security update

2019-10-02 13:56:16

(RHSA-2019:2925) Important: nodejs:10 security update

2019-09-30 07:07:29

suse

Security update for nodejs8 (important)

2019-09-11 00:00:00

Security update for nodejs10 (important)

2019-09-11 00:00:00

cloudfoundry

Various HTTP2 CVEs: Some Cloud Foundry products are impacted by HTTP denial of service attacks | Cloud Foundry

2019-12-03 00:00:00

fedora

[SECURITY] Fedora 30 Update: nodejs-10.19.0-1.fc30

2020-02-23 01:09:36

[SECURITY] Fedora 29 Update: nodejs-10.16.3-1.fc29

2019-08-25 03:04:17

[SECURITY] Fedora 30 Update: nodejs-10.16.3-1.fc30

2019-08-25 00:58:04

thn

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

2019-08-14 08:19:00

nodejsblog

August 2019 Security Releases

2019-08-16 00:00:00

fortinet

HTTP/2 Multiple DoS Attacks (VU#605641)

2019-09-03 00:00:00

freebsd

Node.js -- multiple vulnerabilities

2019-08-16 00:00:00

myhack58

HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net

2019-08-14 00:00:00

threatpost

HTTP Bugs Open Websites to DoS Attacks

2019-08-15 19:20:38

almalinux

Important: nodejs:10 security update

2019-09-30 07:07:29

cert

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

2019-08-13 00:00:00

rocky

nodejs:10 security update

2019-09-30 07:07:29

mageia

Updated nodejs packages fix security vulnerabilities

2020-09-27 23:06:37

mskb

August 13, 2019—KB4512497 (OS Build 10240.18305)

2019-08-13 07:00:00

August 13, 2019—KB4512507 (OS Build 15063.1988)

2019-08-13 07:00:00

August 13, 2019—KB4512516 (OS Build 16299.1331)

2019-08-13 07:00:00

kaspersky

KLA11534 Multiple vulnerabilities in Microsoft Windows

2019-08-13 00:00:00

talosblog

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage

2019-08-14 09:55:35

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.0%

JSON

Related for RH:CVE-2019-9518