Veracode Vulnerability DatabaseVERACODE:21510Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
nginx HTTP/2 is vulnerable to denial of service (DoS). It does not prevent an attacker from sending a stream of headers with a 0-length header name and 0-length header value, leading to an intensive memory consumption.
References
lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
seclists.org/fulldisclosure/2019/Aug/16
access.redhat.com/errata/RHSA-2019:2745
access.redhat.com/errata/RHSA-2019:2746
access.redhat.com/errata/RHSA-2019:2775
access.redhat.com/errata/RHSA-2019:2799
access.redhat.com/errata/RHSA-2019:2925
access.redhat.com/errata/RHSA-2019:2939
access.redhat.com/errata/RHSA-2019:2946
access.redhat.com/errata/RHSA-2019:2950
access.redhat.com/errata/RHSA-2019:2955
access.redhat.com/errata/RHSA-2019:2966
access.redhat.com/errata/RHSA-2019:3932
access.redhat.com/errata/RHSA-2019:3933
access.redhat.com/errata/RHSA-2019:3935
access.redhat.com/security/updates/classification/#important
github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
kb.cert.org/vuls/id/605641/
kc.mcafee.com/corporate/index?page=content&id=SB10296
lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
lists.fedoraproject.org/archives/list/[email protected]/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
lists.fedoraproject.org/archives/list/[email protected]/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
lists.fedoraproject.org/archives/list/[email protected]/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
lists.fedoraproject.org/archives/list/[email protected]/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
lists.fedoraproject.org/archives/list/[email protected]/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
seclists.org/bugtraq/2019/Aug/24
seclists.org/bugtraq/2019/Aug/40
security.netapp.com/advisory/ntap-20190823-0002/
security.netapp.com/advisory/ntap-20190823-0005/
support.f5.com/csp/article/K02591030
support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
usn.ubuntu.com/4099-1/
www.debian.org/security/2019/dsa-4505
www.synology.com/security/advisory/Synology_SA_19_33
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C