ID

VAR-201908-0263


CVE

CVE-2019-9513


TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3. For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. 7) - noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary: An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx110-nginx service must be restarted for this update to take effect. 5. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-6754-2 May 07, 2024 nghttp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: Several security issues were fixed in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libnghttp2-14 1.59.0-1ubuntu0.1 nghttp2 1.59.0-1ubuntu0.1 nghttp2-client 1.59.0-1ubuntu0.1 nghttp2-proxy 1.59.0-1ubuntu0.1 nghttp2-server 1.59.0-1ubuntu0.1 In general, a standard system update will make all the necessary changes

Trust: 2.61

sources: NVD: CVE-2019-9513 // CERT/CC: VU#605641 // VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // PACKETSTORM: 154401 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154699 // PACKETSTORM: 154470 // PACKETSTORM: 154284 // PACKETSTORM: 154663 // PACKETSTORM: 178500

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:quayscope:eqversion:3.0.0

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:openshift service meshscope:eqversion:1.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.9.5

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.17.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.2.0

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:3.2.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:applemodel:swiftnioscope:lteversion:1.4.0

Trust: 1.0

vendor:applemodel:swiftnioscope:gteversion:1.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:8.0.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:7.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:3.1.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.8.1

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:6.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:8.8.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.16.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.7.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2.0

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.17.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.13

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.16.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:7.1.6

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:6.2.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.1.0

Trust: 1.0

vendor:redhatmodel:software collectionsscope:eqversion:1.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.7.2.24

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.9.0

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.16.1

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:8.0.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:akamaimodel: - scope: - version: -

Trust: 0.8

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:apache traffic servermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:cloudflaremodel: - scope: - version: -

Trust: 0.8

vendor:envoymodel: - scope: - version: -

Trust: 0.8

vendor:facebookmodel: - scope: - version: -

Trust: 0.8

vendor:go programming languagemodel: - scope: - version: -

Trust: 0.8

vendor:litespeedmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:nettymodel: - scope: - version: -

Trust: 0.8

vendor:node jsmodel: - scope: - version: -

Trust: 0.8

vendor:synologymodel: - scope: - version: -

Trust: 0.8

vendor:twistedmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:grpcmodel: - scope: - version: -

Trust: 0.8

vendor:nghttp2model: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9513
value: HIGH

Trust: 1.0

cret@cert.org: CVE-2019-9513
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-935
value: HIGH

Trust: 0.6

VULHUB: VHN-160948
value: HIGH

Trust: 0.1

VULMON: CVE-2019-9513
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9513
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160948
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9513
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9513
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513 // NVD: CVE-2019-9513

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-160948 // NVD: CVE-2019-9513

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 178500 // CNNVD: CNNVD-201908-935

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-935

PATCH

title:HTTP/2 Remedial measures to achieve security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96619

Trust: 0.6

title:Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193041 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nghttp2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192692 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx110-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192745 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx112-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192746 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx114-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192775 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192949 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nginx:1.14 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192799 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4511-1 nghttp2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5abd31eeab4f550ac0063c6db4c6fefa

Trust: 0.1

title:Red Hat: Important: Red Hat Quay v3.1.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: nginx vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4099-1

Trust: 0.1

title:Red Hat: CVE-2019-9513url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9513

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=aa3f98e7e42f366cb232cf3ada195106

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9513

Trust: 0.1

title:Red Hat: Important: nodejs:10 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4505-1 nginx -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b38c3ef2fccf5f32d01340c117d4ef05

Trust: 0.1

title:Red Hat: Important: rh-nodejs8-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nodejs10-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1298url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1298

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-13] nginx: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-13

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-17

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1298url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1298

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1299url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1299

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-12

Trust: 0.1

title:Debian Security Advisories: DSA-4669-1 nodejs -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0919b27d8bf334fac6a8fbea7195b6b0

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=1258fbf11199f28879a6fcc9f39902e9

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cbf2ee0b22e92590472860fdb3718cab

Trust: 0.1

title:IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd

Trust: 0.1

title:IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloudurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM iurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c

Trust: 0.1

title:Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)url:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225

Trust: 0.1

title:bogeitingressurl:https://github.com/lieshoujieyuan/bogeitingress

Trust: 0.1

sources: VULMON: CVE-2019-9513 // CNNVD: CNNVD-201908-935

EXTERNAL IDS

db:NVDid:CVE-2019-9513

Trust: 2.7

db:CERT/CCid:VU#605641

Trust: 2.5

db:MCAFEEid:SB10296

Trust: 1.7

db:CNNVDid:CNNVD-201908-935

Trust: 0.7

db:AUSCERTid:ESB-2019.3306

Trust: 0.6

db:AUSCERTid:ESB-2019.3116

Trust: 0.6

db:AUSCERTid:ESB-2019.4788

Trust: 0.6

db:AUSCERTid:ESB-2020.1544

Trust: 0.6

db:AUSCERTid:ESB-2019.3129

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.4343

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.3

Trust: 0.6

db:AUSCERTid:ESB-2019.4645

Trust: 0.6

db:AUSCERTid:ESB-2019.4665

Trust: 0.6

db:AUSCERTid:ESB-2020.0007

Trust: 0.6

db:AUSCERTid:ESB-2019.4403

Trust: 0.6

db:AUSCERTid:ESB-2019.4238

Trust: 0.6

db:AUSCERTid:ESB-2019.4596

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0643

Trust: 0.6

db:AUSCERTid:ESB-2019.3299

Trust: 0.6

db:AUSCERTid:ESB-2020.0100

Trust: 0.6

db:PACKETSTORMid:156941

Trust: 0.6

db:PACKETSTORMid:155414

Trust: 0.6

db:NSFOCUSid:43920

Trust: 0.6

db:ICS CERTid:ICSA-19-346-01

Trust: 0.6

db:VULHUBid:VHN-160948

Trust: 0.1

db:VULMONid:CVE-2019-9513

Trust: 0.1

db:PACKETSTORMid:154401

Trust: 0.1

db:PACKETSTORMid:154190

Trust: 0.1

db:PACKETSTORMid:154712

Trust: 0.1

db:PACKETSTORMid:155417

Trust: 0.1

db:PACKETSTORMid:154699

Trust: 0.1

db:PACKETSTORMid:154470

Trust: 0.1

db:PACKETSTORMid:154284

Trust: 0.1

db:PACKETSTORMid:154663

Trust: 0.1

db:PACKETSTORMid:178500

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160948 // VULMON: CVE-2019-9513 // PACKETSTORM: 154401 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154699 // PACKETSTORM: 154470 // PACKETSTORM: 154284 // PACKETSTORM: 154663 // PACKETSTORM: 178500 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513

REFERENCES

url:https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Trust: 2.5

url:https://www.synology.com/security/advisory/synology_sa_19_33

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 2.4

url:https://www.debian.org/security/2019/dsa-4511

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 2.3

url:https://usn.ubuntu.com/4099-1/

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:2692

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2745

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2925

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2949

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2955

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/40

Trust: 1.7

url:https://seclists.org/bugtraq/2019/sep/1

Trust: 1.7

url:https://kb.cert.org/vuls/id/605641/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20190823-0002/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20190823-0005/

Trust: 1.7

url:https://www.debian.org/security/2019/dsa-4505

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4669

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2746

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2775

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2799

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2939

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2966

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:3041

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html

Trust: 1.7

url:https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html

Trust: 1.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 1.5

url:https://support.f5.com/csp/article/k02591030

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 1.0

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752

Trust: 0.8

url:https://tools.ietf.org/html/rfc7540

Trust: 0.8

url:https://tools.ietf.org/html/rfc7541

Trust: 0.8

url:https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

Trust: 0.8

url:https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/

Trust: 0.8

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:http2-cves/

Trust: 0.6

url:https://www.cloudfoundry.org/blog/various-

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511

Trust: 0.6

url:http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

Trust: 0.6

url:https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html

Trust: 0.6

url:https://support.f5.com/csp/article/k50233772

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1126605

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1104951

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-346-01

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165894

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165906

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1135167

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164346

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164364

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1544/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127397

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1128387

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4403/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4665/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4788/

Trust: 0.6

url:https://pivotal.io/security/cve-2019-9517

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/

Trust: 0.6

url:http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4596/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0643/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143454

Trust: 0.6

url:http2-implementation-vulnerablility/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3306/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3116/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/

Trust: 0.6

url:https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3299/

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/

Trust: 0.6

url:http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.3/

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1150960

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137466

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0100/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1167160

Trust: 0.6

url:https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0007/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3129/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4238/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43920

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165852

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127853

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.4

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9518

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9518

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10296

Trust: 0.1

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nginx

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nghttp2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6754-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-44487

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-28182

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6754-1

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160948 // PACKETSTORM: 154401 // PACKETSTORM: 154190 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154699 // PACKETSTORM: 154470 // PACKETSTORM: 154284 // PACKETSTORM: 154663 // PACKETSTORM: 178500 // CNNVD: CNNVD-201908-935 // NVD: CVE-2019-9513

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 154401 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154699 // PACKETSTORM: 154470 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-935

SOURCES

db:CERT/CCid:VU#605641
db:VULHUBid:VHN-160948
db:VULMONid:CVE-2019-9513
db:PACKETSTORMid:154401
db:PACKETSTORMid:154190
db:PACKETSTORMid:154712
db:PACKETSTORMid:155417
db:PACKETSTORMid:154699
db:PACKETSTORMid:154470
db:PACKETSTORMid:154284
db:PACKETSTORMid:154663
db:PACKETSTORMid:178500
db:CNNVDid:CNNVD-201908-935
db:NVDid:CVE-2019-9513

LAST UPDATE DATE

2024-11-07T20:24:41.850000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#605641date:2019-11-19T00:00:00
db:VULHUBid:VHN-160948date:2020-10-22T00:00:00
db:VULMONid:CVE-2019-9513date:2022-08-12T00:00:00
db:CNNVDid:CNNVD-201908-935date:2022-03-10T00:00:00
db:NVDid:CVE-2019-9513date:2023-11-07T03:13:42.177

SOURCES RELEASE DATE

db:CERT/CCid:VU#605641date:2019-08-13T00:00:00
db:VULHUBid:VHN-160948date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-9513date:2019-08-13T00:00:00
db:PACKETSTORMid:154401date:2019-09-09T23:04:07
db:PACKETSTORMid:154190date:2019-08-22T20:20:23
db:PACKETSTORMid:154712date:2019-10-02T15:03:59
db:PACKETSTORMid:155417date:2019-11-20T21:11:11
db:PACKETSTORMid:154699date:2019-10-01T20:46:00
db:PACKETSTORMid:154470date:2019-09-12T14:32:43
db:PACKETSTORMid:154284date:2019-09-02T17:39:28
db:PACKETSTORMid:154663date:2019-09-30T13:33:33
db:PACKETSTORMid:178500date:2024-05-09T15:42:01
db:CNNVDid:CNNVD-201908-935date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9513date:2019-08-13T21:15:12.380