ID

VAR-201908-0261


CVE

CVE-2019-9518


TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO and Apache Traffic Server Used in HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description: Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nodejs8-nodejs security update Advisory ID: RHSA-2019:2955-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2955 Issue date: 2019-10-02 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ==================================================================== 1. Summary: An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZSz+NzjgjWX9erEAQhrnQ//YWmbjNrYsOnrqBPWZDBil0Basr6JUpEe YoTqouv9A7gkpSoYLoCRE0E3tsTxHlQwJR91vlr/dPEtHbsF52YEGrumAQCK4H6b nEhOj2pH9UG+FcPUBkyHzNQXcWYLZ9vaxVCW4gUpxm0QggyigAOdIImlZkTGgcrI mWReipMFC8hBARJU/vQ0bCCj6LfOYnx4h2pu6Jzy+vkeVJDoCNAxGT5FwfaMZTUy T0y8dpzWSq/vg2Xd3JaYnoh70a8k62kEMH3VmCBNNU3aiMiXBeBMlS1i/q00IOJ+ fy/1STMJGt1tj6xfYNsZY5E+CPVm0ZvVlKfRi8DpxPWXI48a712XZ/XONYb2jDnt pmkNM62ZdjZahQwXyC+y8havivg7LcEzxV0G2yfkNIqM33Zplz0h4BOCmLuT4I84 BMylBIrODsw70uWbc1DcPsF8vhmxryGfNNQ9FCk+jH52lRi3YnWkhRBThY+rpAqZ qmfTb4m2kD0s45q85Xv87N9F2tZJjhfYQ0U2LyHkbQov0CFkNu4YcElKMclBvvvc lzostLzxOJYt/l3qgXp+RlQNnlQG/jsFrEmmhskjzFJ8a9fhtBWNFxMcQ+SDBrUK HSNNzBwQhHam6OPCqpyWYvFT/bRbHucyMI6pGZmpc+MQ5cMAjP1A0incXot30UDD wV7rh6lCkE8=S8e1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead. For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8 TjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM msNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur wrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W JwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo h0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF SnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp a0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO 2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR XVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH SAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh 3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM -----END PGP SIGNATURE----- . Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms

Trust: 3.24

sources: NVD: CVE-2019-9518 // CERT/CC: VU#605641 // JVNDB: JVNDB-2019-008015 // VULHUB: VHN-160953 // PACKETSTORM: 158650 // PACKETSTORM: 155728 // PACKETSTORM: 155352 // PACKETSTORM: 158651 // PACKETSTORM: 154712 // PACKETSTORM: 154430 // PACKETSTORM: 157214 // PACKETSTORM: 156628 // PACKETSTORM: 156852

AFFECTED PRODUCTS

vendor:apachemodel:traffic serverscope:lteversion:6.2.3

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:6.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:7.0.0

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.2.0

Trust: 1.0

vendor:redhatmodel:quayscope:eqversion:3.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:8.8.1

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.7.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.8.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:8.0.3

Trust: 1.0

vendor:redhatmodel:software collectionsscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.16.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.13

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.16.1

Trust: 1.0

vendor:applemodel:swiftnioscope:lteversion:1.4.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:openshift service meshscope:eqversion:1.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:7.1.6

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:8.0.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.0

Trust: 1.0

vendor:applemodel:swiftnioscope:gteversion:1.0.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.9.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.7.2.24

Trust: 1.0

vendor:akamaimodel: - scope: - version: -

Trust: 0.8

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:apache traffic servermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:cloudflaremodel: - scope: - version: -

Trust: 0.8

vendor:envoymodel: - scope: - version: -

Trust: 0.8

vendor:facebookmodel: - scope: - version: -

Trust: 0.8

vendor:go programming languagemodel: - scope: - version: -

Trust: 0.8

vendor:litespeedmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:nettymodel: - scope: - version: -

Trust: 0.8

vendor:node jsmodel: - scope: - version: -

Trust: 0.8

vendor:synologymodel: - scope: - version: -

Trust: 0.8

vendor:twistedmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:grpcmodel: - scope: - version: -

Trust: 0.8

vendor:nghttp2model: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:traffic serverscope: - version: -

Trust: 0.8

vendor:applemodel:swiftnioscope: - version: -

Trust: 0.8

sources: CERT/CC: VU#605641 // JVNDB: JVNDB-2019-008015 // NVD: CVE-2019-9518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9518
value: HIGH

Trust: 1.0

cret@cert.org: CVE-2019-9518
value: HIGH

Trust: 1.0

NVD: CVE-2019-9518
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-940
value: HIGH

Trust: 0.6

VULHUB: VHN-160953
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9518
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-160953
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

cret@cert.org: CVE-2019-9518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-9518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-160953 // JVNDB: JVNDB-2019-008015 // CNNVD: CNNVD-201908-940 // NVD: CVE-2019-9518 // NVD: CVE-2019-9518

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-160953 // JVNDB: JVNDB-2019-008015 // NVD: CVE-2019-9518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-940

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-940

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008015

PATCH

title:SwiftNIOurl:https://github.com/apple/swift-nio

Trust: 0.8

title:ATS is vulnerable to a HTTP/2 attack with empty frames (091b518)url:https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E

Trust: 0.8

title:ATS is vulnerable to a HTTP/2 attack with empty frames (2653c56)url:https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E

Trust: 0.8

title:ATS is vulnerable to a HTTP/2 attack with empty frames (ff5b082)url:https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E

Trust: 0.8

title:HTTP/2 Remedial measures to achieve security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=96623

Trust: 0.6

sources: JVNDB: JVNDB-2019-008015 // CNNVD: CNNVD-201908-940

EXTERNAL IDS

db:NVDid:CVE-2019-9518

Trust: 3.4

db:CERT/CCid:VU#605641

Trust: 3.3

db:MCAFEEid:SB10296

Trust: 1.7

db:PACKETSTORMid:158651

Trust: 0.8

db:JVNid:JVNVU93696206

Trust: 0.8

db:JVNid:JVNVU98433488

Trust: 0.8

db:JVNDBid:JVNDB-2019-008015

Trust: 0.8

db:CNNVDid:CNNVD-201908-940

Trust: 0.7

db:PACKETSTORMid:155728

Trust: 0.7

db:PACKETSTORMid:155352

Trust: 0.7

db:PACKETSTORMid:157214

Trust: 0.7

db:PACKETSTORMid:156628

Trust: 0.7

db:PACKETSTORMid:156852

Trust: 0.7

db:AUSCERTid:ESB-2020.1335

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0832

Trust: 0.6

db:AUSCERTid:ESB-2020.0100

Trust: 0.6

db:AUSCERTid:ESB-2020.2619

Trust: 0.6

db:AUSCERTid:ESB-2019.4596

Trust: 0.6

db:AUSCERTid:ESB-2019.4238

Trust: 0.6

db:AUSCERTid:ESB-2019.4343

Trust: 0.6

db:AUSCERTid:ESB-2020.1427

Trust: 0.6

db:AUSCERTid:ESB-2020.0643

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.3

Trust: 0.6

db:AUSCERTid:ESB-2020.0007

Trust: 0.6

db:AUSCERTid:ESB-2022.5666

Trust: 0.6

db:AUSCERTid:ESB-2020.1030

Trust: 0.6

db:AUSCERTid:ESB-2019.4586

Trust: 0.6

db:AUSCERTid:ESB-2019.4332

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.4737

Trust: 0.6

db:AUSCERTid:ESB-2019.3325

Trust: 0.6

db:AUSCERTid:ESB-2019.4645

Trust: 0.6

db:AUSCERTid:ESB-2019.3299

Trust: 0.6

db:AUSCERTid:ESB-2019.4788

Trust: 0.6

db:AUSCERTid:ESB-2019.3412

Trust: 0.6

db:AUSCERTid:ESB-2019.4665

Trust: 0.6

db:AUSCERTid:ESB-2019.3114

Trust: 0.6

db:PACKETSTORMid:156941

Trust: 0.6

db:NSFOCUSid:43922

Trust: 0.6

db:ICS CERTid:ICSA-19-346-01

Trust: 0.6

db:CS-HELPid:SB2022072128

Trust: 0.6

db:PACKETSTORMid:158650

Trust: 0.2

db:VULHUBid:VHN-160953

Trust: 0.1

db:PACKETSTORMid:154712

Trust: 0.1

db:PACKETSTORMid:154430

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160953 // JVNDB: JVNDB-2019-008015 // PACKETSTORM: 158650 // PACKETSTORM: 155728 // PACKETSTORM: 155352 // PACKETSTORM: 158651 // PACKETSTORM: 154712 // PACKETSTORM: 154430 // PACKETSTORM: 157214 // PACKETSTORM: 156628 // PACKETSTORM: 156852 // CNNVD: CNNVD-201908-940 // NVD: CVE-2019-9518

REFERENCES

url:https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Trust: 2.5

url:https://www.synology.com/security/advisory/synology_sa_19_33

Trust: 2.5

url:https://kb.cert.org/vuls/id/605641/

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3892

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4352

Trust: 2.4

url:https://www.debian.org/security/2019/dsa-4520

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9518

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:2955

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0727

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/24

Trust: 1.7

url:https://seclists.org/bugtraq/2019/sep/18

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20190823-0005/

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/aug/16

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2925

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2939

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Trust: 1.7

url:https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html

Trust: 1.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518

Trust: 1.4

url:https://support.f5.com/csp/article/k46011592

Trust: 1.1

url:https://support.f5.com/csp/article/k46011592?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3cdev.trafficserver.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 1.0

url:https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3cusers.trafficserver.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 1.0

url:https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3cannounce.trafficserver.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 0.9

url:https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752

Trust: 0.8

url:https://tools.ietf.org/html/rfc7540

Trust: 0.8

url:https://tools.ietf.org/html/rfc7541

Trust: 0.8

url:https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

Trust: 0.8

url:https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/

Trust: 0.8

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98433488/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93696206/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9518

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 0.7

url:https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3cannounce.trafficserver.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3cdev.trafficserver.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3cusers.trafficserver.apache.org%3e

Trust: 0.7

url:https://support.f5.com/csp/article/k46011592?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:http2-cves/

Trust: 0.6

url:https://www.cloudfoundry.org/blog/various-

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html

Trust: 0.6

url:https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf

Trust: 0.6

url:https://support.apple.com/en-au/ht210436

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html

Trust: 0.6

url:https://support.f5.com/csp/article/k50233772

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1126605

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1104951

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-346-01

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109787

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109781

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1108515

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109775

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165894

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165906

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1135167

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164346

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164364

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1128387

Trust: 0.6

url:https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4788/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4586/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4332/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0643/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143454

Trust: 0.6

url:http2-implementation-vulnerablility/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-

Trust: 0.6

url:https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2619/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3114/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3299/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5666

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1335/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4737/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0832/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137466

Trust: 0.6

url:https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43922

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3325/

Trust: 0.6

url:https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127397

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1427/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4665/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/

Trust: 0.6

url:https://pivotal.io/security/cve-2019-9517

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4596/

Trust: 0.6

url:https://support.apple.com/en-us/ht210436

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/

Trust: 0.6

url:https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072128

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/

Trust: 0.6

url:https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html

Trust: 0.6

url:https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9518

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1150960

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0100/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1167160

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0007/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4238/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3412/

Trust: 0.6

url:https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165852

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1030/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127853

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-20444

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20444

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-7238

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-7238

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10173

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10173

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14060

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11112

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11113

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10968

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17573

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1718

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14060

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11620

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10672

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17573

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14061

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10673

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1718

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14062

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10672

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10969

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11620

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11111

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11112

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10968

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11111

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10969

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14061

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11113

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14062

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0201

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0201

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10247

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10247

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10241

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10296

Trust: 0.1

url:https://support.f5.com/csp/article/k46011592?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3196

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.8.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=securitypatches&version=6.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker&downloadtype=securitypatches&version=6.3.0

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11796

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000850

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.5.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000850

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17485

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8034

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11796

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1131

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14860

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-17485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14860

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.8.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/trafficserver

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.4.3

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1445

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\xdata.grid&downloadtype=patches&version=7.3

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10212

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10212

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3805

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.6.0&productchanged=yes

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:0922

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160953 // JVNDB: JVNDB-2019-008015 // PACKETSTORM: 158650 // PACKETSTORM: 155728 // PACKETSTORM: 155352 // PACKETSTORM: 158651 // PACKETSTORM: 154712 // PACKETSTORM: 154430 // PACKETSTORM: 157214 // PACKETSTORM: 156628 // PACKETSTORM: 156852 // CNNVD: CNNVD-201908-940 // NVD: CVE-2019-9518

CREDITS

Red Hat

Trust: 1.4

sources: PACKETSTORM: 158650 // PACKETSTORM: 155728 // PACKETSTORM: 155352 // PACKETSTORM: 158651 // PACKETSTORM: 154712 // PACKETSTORM: 157214 // PACKETSTORM: 156628 // PACKETSTORM: 156852 // CNNVD: CNNVD-201908-940

SOURCES

db:CERT/CCid:VU#605641
db:VULHUBid:VHN-160953
db:JVNDBid:JVNDB-2019-008015
db:PACKETSTORMid:158650
db:PACKETSTORMid:155728
db:PACKETSTORMid:155352
db:PACKETSTORMid:158651
db:PACKETSTORMid:154712
db:PACKETSTORMid:154430
db:PACKETSTORMid:157214
db:PACKETSTORMid:156628
db:PACKETSTORMid:156852
db:CNNVDid:CNNVD-201908-940
db:NVDid:CVE-2019-9518

LAST UPDATE DATE

2024-12-21T20:52:22.692000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#605641date:2019-11-19T00:00:00
db:VULHUBid:VHN-160953date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2019-008015date:2019-08-23T00:00:00
db:CNNVDid:CNNVD-201908-940date:2022-11-09T00:00:00
db:NVDid:CVE-2019-9518date:2024-11-21T04:51:47.587

SOURCES RELEASE DATE

db:CERT/CCid:VU#605641date:2019-08-13T00:00:00
db:VULHUBid:VHN-160953date:2019-08-13T00:00:00
db:JVNDBid:JVNDB-2019-008015date:2019-08-23T00:00:00
db:PACKETSTORMid:158650date:2020-07-29T17:52:58
db:PACKETSTORMid:155728date:2019-12-19T22:07:40
db:PACKETSTORMid:155352date:2019-11-15T16:16:10
db:PACKETSTORMid:158651date:2020-07-29T17:53:05
db:PACKETSTORMid:154712date:2019-10-02T15:03:59
db:PACKETSTORMid:154430date:2019-09-10T23:12:17
db:PACKETSTORMid:157214date:2020-04-14T15:39:41
db:PACKETSTORMid:156628date:2020-03-05T14:41:17
db:PACKETSTORMid:156852date:2020-03-23T15:57:42
db:CNNVDid:CNNVD-201908-940date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9518date:2019-08-13T21:15:13.003