Details of VAR-201908-0263

ID

VAR-201908-0263

CVE

CVE-2019-9513

TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNIO Used in products such as HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3. For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update Advisory ID: RHSA-2019:2949-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949 Issue date: 2019-10-01 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517 ==================================================================== 1. Summary: An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7 P6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S GjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2 Cm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI dbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip P+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh m2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM TWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV 2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2 XUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2 uqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl I52/ZH/L3O8=N7om -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description: This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024 nghttp2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in nghttp2. Software Description: - nghttp2: HTTP/2 C Library and tools Details: It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2 Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2 Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2 In general, a standard system update will make all the necessary changes

Trust: 3.24

sources: NVD: CVE-2019-9513 // CERT/CC: VU#605641 // JVNDB: JVNDB-2019-008113 // VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 154699 // PACKETSTORM: 154284 // PACKETSTORM: 156941 // PACKETSTORM: 154471 // PACKETSTORM: 154693 // PACKETSTORM: 178284

AFFECTED PRODUCTS

vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	quay	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	redhat	model:	openshift service mesh	scope:	eq	version:	1.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	1.9.5	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	1.17.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2.0	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	lte	version:	1.4.0	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	12.8.1	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	10.16.3	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.7.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lte	version:	1.17.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.13	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.16.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.2.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	7.1.6	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	6.2.3	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.1.0	Trust: 1.0
vendor:	redhat	model:	software collections	scope:	eq	version:	1.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.7.2.24	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.16.1	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	8.0.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	akamai	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	amazon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apache traffic server	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cloudflare	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	envoy	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	facebook	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	go programming language	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	litespeed	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netty	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	node js	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	twisted	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	grpc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nghttp2	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	traffic server	scope:	-	version:	-	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	diskstation manager	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	skynas	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	vs960hd	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	swiftnio	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#605641 // JVNDB: JVNDB-2019-008113 // NVD: CVE-2019-9513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9513
value:	HIGH
Trust: 1.0
cret@cert.org:	CVE-2019-9513
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9513
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-935
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160948
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-9513
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-9513
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-160948
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

cret@cert.org:	CVE-2019-9513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-9513
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // JVNDB: JVNDB-2019-008113 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513 // NVD: CVE-2019-9513

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.9
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: VULHUB: VHN-160948 // JVNDB: JVNDB-2019-008113 // NVD: CVE-2019-9513

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 178284 // CNNVD: CNNVD-201908-935

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008113

PATCH

title:	DSA-4505	url:	https://www.debian.org/security/2019/dsa-4505	Trust: 0.8
title:	FEDORA-2019-befd924cfe	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/	Trust: 0.8
title:	FEDORA-2019-81985a8858	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/	Trust: 0.8
title:	FEDORA-2019-6a2980de56	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/	Trust: 0.8
title:	FEDORA-2019-5a6a7bc12c	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/	Trust: 0.8
title:	SwiftNIO	url:	https://github.com/apple/swift-nio	Trust: 0.8
title:	Apache Traffic Server	url:	https://github.com/apache/trafficserver	Trust: 0.8
title:	Synology-SA-19:33 HTTP/2 DoS Attacks	url:	https://www.synology.com/ja-jp/security/advisory/Synology_SA_19_33	Trust: 0.8
title:	USN-4099-1	url:	https://usn.ubuntu.com/4099-1/	Trust: 0.8
title:	HTTP/2 Remedial measures to achieve security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96619	Trust: 0.6
title:	Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193041 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nghttp2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192692 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-nginx110-nginx security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192745 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-nginx112-nginx security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192746 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-nginx114-nginx security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192775 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192949 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nginx:1.14 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192799 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4511-1 nghttp2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5abd31eeab4f550ac0063c6db4c6fefa	Trust: 0.1
title:	Red Hat: Important: Red Hat Quay v3.1.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nginx vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4099-1	Trust: 0.1
title:	Red Hat: CVE-2019-9513	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9513	Trust: 0.1
title:	Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=aa3f98e7e42f366cb232cf3ada195106	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9513	Trust: 0.1
title:	Red Hat: Important: nodejs:10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4505-1 nginx -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b38c3ef2fccf5f32d01340c117d4ef05	Trust: 0.1
title:	Red Hat: Important: rh-nodejs8-nodejs security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-nodejs10-nodejs security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1298	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1298	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201908-13] nginx: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-13	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-17	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1298	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1298	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1299	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1299	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-12	Trust: 0.1
title:	Debian Security Advisories: DSA-4669-1 nodejs -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0919b27d8bf334fac6a8fbea7195b6b0	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=1258fbf11199f28879a6fcc9f39902e9	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.6.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cbf2ee0b22e92590472860fdb3718cab	Trust: 0.1
title:	IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd	Trust: 0.1
title:	IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBMÂ® SDK for Node.jsâ„¢ in IBM Cloud	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c	Trust: 0.1
title:	Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225	Trust: 0.1
title:	bogeitingress	url:	https://github.com/lieshoujieyuan/bogeitingress	Trust: 0.1

sources: VULMON: CVE-2019-9513 // JVNDB: JVNDB-2019-008113 // CNNVD: CNNVD-201908-935

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9513	Trust: 3.4
db:	CERT/CC	id:	VU#605641	Trust: 3.3
db:	MCAFEE	id:	SB10296	Trust: 1.7
db:	JVN	id:	JVNVU98433488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-008113	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-935	Trust: 0.7
db:	PACKETSTORM	id:	156941	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3306	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3116	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4788	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1544	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3129	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4343	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4665	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0007	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4403	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4238	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4596	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0643	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3299	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0100	Trust: 0.6
db:	PACKETSTORM	id:	155414	Trust: 0.6
db:	NSFOCUS	id:	43920	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-346-01	Trust: 0.6
db:	VULHUB	id:	VHN-160948	Trust: 0.1
db:	VULMON	id:	CVE-2019-9513	Trust: 0.1
db:	PACKETSTORM	id:	154190	Trust: 0.1
db:	PACKETSTORM	id:	154712	Trust: 0.1
db:	PACKETSTORM	id:	154699	Trust: 0.1
db:	PACKETSTORM	id:	154284	Trust: 0.1
db:	PACKETSTORM	id:	154471	Trust: 0.1
db:	PACKETSTORM	id:	154693	Trust: 0.1
db:	PACKETSTORM	id:	178284	Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // JVNDB: JVNDB-2019-008113 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 154699 // PACKETSTORM: 154284 // PACKETSTORM: 156941 // PACKETSTORM: 154471 // PACKETSTORM: 154693 // PACKETSTORM: 178284 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513

REFERENCES

url:	https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Trust: 2.5
url:	https://www.synology.com/security/advisory/synology_sa_19_33	Trust: 2.5
url:	https://kb.cert.org/vuls/id/605641/	Trust: 2.5
url:	https://www.debian.org/security/2019/dsa-4511	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3932	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3933	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3935	Trust: 2.3
url:	https://usn.ubuntu.com/4099-1/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 2.2
url:	https://access.redhat.com/errata/rhsa-2019:2746	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2939	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2949	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2955	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/aug/40	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/sep/1	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0002/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0005/	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4505	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4669	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2692	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2745	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2775	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2799	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2925	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2966	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:3041	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html	Trust: 1.7
url:	https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513	Trust: 1.4
url:	https://support.f5.com/csp/article/k02591030	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/	Trust: 1.0
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7540	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7541	Trust: 0.8
url:	https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/	Trust: 0.8
url:	https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/	Trust: 0.8
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98433488/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.7
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	http2-cves/	Trust: 0.6
url:	https://www.cloudfoundry.org/blog/various-	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511	Trust: 0.6
url:	http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html	Trust: 0.6
url:	https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html	Trust: 0.6
url:	https://support.f5.com/csp/article/k50233772	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1126605	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1104951	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-01	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165894	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165906	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1135167	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164346	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164364	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1544/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127397	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1128387	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4403/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4665/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4788/	Trust: 0.6
url:	https://pivotal.io/security/cve-2019-9517	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/	Trust: 0.6
url:	http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4596/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0643/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143454	Trust: 0.6
url:	http2-implementation-vulnerablility/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3306/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3116/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3299/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/	Trust: 0.6
url:	http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.3/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1150960	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137466	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4343/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0100/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1167160	Trust: 0.6
url:	https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0007/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3129/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4238/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43920	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165852	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127853	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.3
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 0.1
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nginx	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nghttp2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10174	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11771	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12422	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5929	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14439	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11272	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17570	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17570	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.6.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-5929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-11771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14439	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-15756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15756	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-16012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10174	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11272	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3802	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16012	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:0983	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6754-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-44487	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2024-28182	Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160948 // JVNDB: JVNDB-2019-008113 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 154699 // PACKETSTORM: 154284 // PACKETSTORM: 156941 // PACKETSTORM: 154471 // PACKETSTORM: 154693 // PACKETSTORM: 178284 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 154712 // PACKETSTORM: 154699 // PACKETSTORM: 156941 // PACKETSTORM: 154471 // PACKETSTORM: 154693 // CNNVD: CNNVD-201908-935

SOURCES

db:	CERT/CC	id:	VU#605641
db:	VULHUB	id:	VHN-160948
db:	VULMON	id:	CVE-2019-9513
db:	JVNDB	id:	JVNDB-2019-008113
db:	PACKETSTORM	id:	154190
db:	PACKETSTORM	id:	154712
db:	PACKETSTORM	id:	154699
db:	PACKETSTORM	id:	154284
db:	PACKETSTORM	id:	156941
db:	PACKETSTORM	id:	154471
db:	PACKETSTORM	id:	154693
db:	PACKETSTORM	id:	178284
db:	CNNVD	id:	CNNVD-201908-935
db:	NVD	id:	CVE-2019-9513

LAST UPDATE DATE

2024-11-22T19:34:57.184000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-11-19T00:00:00
db:	VULHUB	id:	VHN-160948	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2019-9513	date:	2022-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-008113	date:	2019-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201908-935	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-9513	date:	2023-11-07T03:13:42.177

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-08-13T00:00:00
db:	VULHUB	id:	VHN-160948	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2019-9513	date:	2019-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-008113	date:	2019-08-26T00:00:00
db:	PACKETSTORM	id:	154190	date:	2019-08-22T20:20:23
db:	PACKETSTORM	id:	154712	date:	2019-10-02T15:03:59
db:	PACKETSTORM	id:	154699	date:	2019-10-01T20:46:00
db:	PACKETSTORM	id:	154284	date:	2019-09-02T17:39:28
db:	PACKETSTORM	id:	156941	date:	2020-03-27T13:16:40
db:	PACKETSTORM	id:	154471	date:	2019-09-12T14:32:51
db:	PACKETSTORM	id:	154693	date:	2019-09-30T22:22:22
db:	PACKETSTORM	id:	178284	date:	2024-04-26T15:13:40
db:	CNNVD	id:	CNNVD-201908-935	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-9513	date:	2019-08-13T21:15:12.380