ID

VAR-201908-0264


CVE

CVE-2019-9514


TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387). Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1796756 - CVE-2020-1718 keycloak: security issue on reset credential flow 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms 5. All OpenShift Container Platform 3.10 users are advised to upgrade to these updated packages and images. Solution: For OpenShift Container Platform 3.10 see the following documentation, which will be updated shortly for release 3.10.170, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r elease_notes.html 5. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 6. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7 7. Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: nodejs:10 security update Advisory ID: RHSA-2019:2925-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2925 Issue date: 2019-09-30 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ===================================================================== 1. Summary: An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.src.rpm nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm aarch64: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.aarch64.rpm noarch: nodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda.noarch.rpm nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm ppc64le: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.ppc64le.rpm s390x: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.s390x.rpm x86_64: nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm nodejs-devel-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZGtHtzjgjWX9erEAQiTyRAAor6sJh3gZ6PZ3xUQhSyFif5kUuLb9dOa gsUrFUW9QjnSD4OeWq0eOJ+W1VkY0WKU0p2KCt4f0R9Msi85EKRzjymM4iv8icMu COL40Wcyvpn2WsdzHrrCT0rM7jiry7YShv/KOlao2wUhkbzs5aHc9D8fBhUvkiCj bHQhrGY+63pnIe6LyCUJ9nEEGPCMaFdpzI+9hDvAevh2ooj6h0PISg/MOb5T7N2z d0RNhrmp5wJUJWbb2hrcnUrbu4CQjf5r44a4R1EdrAL8C+y2vgnVO+wb8RprnMrW 350YueLNrCSYgqeysfbcNG1ccP6iZ/YLCOIOwfb9138cDqelUooAdPKmAj6hY97O pRv1cfc4sBCu1MxhnUgRcY3idmD7qaSbY7lNize04z/HMNK5aq3Kgx5bN/q0OA+n FqWVVCckoFYIn6wWUv1CPlAskpjqns2DPoEd1AUeZH9Efg0JBgKGgQh64T6q20Ua Je5DSConOr149WxNARXWbVz7FhnI+wsDTQzWTk7XuXBfhvSHrfl9tqD444cNP1wm WAvONvS+nlxDOqk4Joo+ZOHA9Wjx/lxciQo6S8aYaQHnCBSUbXAvXjKy0VeoUUdz bD5zrdhbGiSxtR0WNKVP0KVb62P14HGGrceFQRIJPSiqkIrNBS7oeCLuOPpB1QSx J/w0T73QFqQ= =4d1d -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.7

sources: NVD: CVE-2019-9514 // CERT/CC: VU#605641 // VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // PACKETSTORM: 158650 // PACKETSTORM: 154458 // PACKETSTORM: 154638 // PACKETSTORM: 155352 // PACKETSTORM: 154964 // PACKETSTORM: 155480 // PACKETSTORM: 155518 // PACKETSTORM: 156941 // PACKETSTORM: 155396 // PACKETSTORM: 154663

AFFECTED PRODUCTS

vendor:f5model:big-ip local traffic managerscope:ltversion:15.0.1.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:13.1.3.2

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:6.2.3

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:6.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.6.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:7.0.0

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.2.0

Trust: 1.0

vendor:redhatmodel:quayscope:eqversion:3.0.0

Trust: 1.0

vendor:netappmodel:cloud insightsscope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:8.8.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:15.0.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3.0

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion:7.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.7.2.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.10

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.9

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.8.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:8.0.3

Trust: 1.0

vendor:redhatmodel:software collectionsscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.16.3

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:netappmodel:tridentscope:eqversion: -

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:11.6.5.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:14.1.2.1

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.13

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:12.1.5.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:14.0.1.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.16.1

Trust: 1.0

vendor:applemodel:swiftnioscope:lteversion:1.4.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:developer toolsscope:eqversion:1.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:openshift service meshscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:redhatmodel:openstackscope:eqversion:14

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.2.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:3.11

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:redhatmodel:openshift container platformscope:eqversion:4.2

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:7.1.6

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:8.0.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.0

Trust: 1.0

vendor:applemodel:swiftnioscope:gteversion:1.0.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.9.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.7.2.24

Trust: 1.0

vendor:akamaimodel: - scope: - version: -

Trust: 0.8

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:apache traffic servermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:cloudflaremodel: - scope: - version: -

Trust: 0.8

vendor:envoymodel: - scope: - version: -

Trust: 0.8

vendor:facebookmodel: - scope: - version: -

Trust: 0.8

vendor:go programming languagemodel: - scope: - version: -

Trust: 0.8

vendor:litespeedmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:nettymodel: - scope: - version: -

Trust: 0.8

vendor:node jsmodel: - scope: - version: -

Trust: 0.8

vendor:synologymodel: - scope: - version: -

Trust: 0.8

vendor:twistedmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:grpcmodel: - scope: - version: -

Trust: 0.8

vendor:nghttp2model: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9514
value: HIGH

Trust: 1.0

cret@cert.org: CVE-2019-9514
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-931
value: HIGH

Trust: 0.6

VULHUB: VHN-160949
value: HIGH

Trust: 0.1

VULMON: CVE-2019-9514
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-9514
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160949
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9514
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9514
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // CNNVD: CNNVD-201908-931 // NVD: CVE-2019-9514 // NVD: CVE-2019-9514

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-160949 // NVD: CVE-2019-9514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-931

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-931

PATCH

title:HTTP/2 Remedial measures to achieve security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96615

Trust: 0.6

title:Red Hat: Important: container-tools:1.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194273 - Security Advisory

Trust: 0.1

title:Red Hat: Important: go-toolset-1.11 and go-toolset-1.11-golang security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192682 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 3.11 HTTP/2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193906 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192661 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193245 - Security Advisory

Trust: 0.1

title:Red Hat: Important: go-toolset:rhel8 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192726 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193265 - Security Advisory

Trust: 0.1

title:Red Hat: Important: containernetworking-plugins security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200406 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.20 golang security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193131 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 3.9 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192769 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: golang-1.13: CVE-2019-14809url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4f1284fb5317a7db524840483ee9db6f

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 3.10 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192690 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.18 gRPC security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192861 - Security Advisory

Trust: 0.1

title:Red Hat: Important: container-tools:rhel8 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194269 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-9514url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9514

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192766 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Quay v3.1.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194045 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194021 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192594 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194018 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7cb587dafb04d397dd392a7f09dec1d9

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=84ba5eefbc1d57b08d1c61852a12e026

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1270url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1270

Trust: 0.1

title:Debian Security Advisories: DSA-4503-1 golang-1.11 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=99481074beb7ec3119ad722cad3dd9cc

Trust: 0.1

title:Debian Security Advisories: DSA-4508-1 h2o -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=728a827d177258876055a9107f821dfe

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194041 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9514

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 8url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194042 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194040 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194019 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194020 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nodejs:10 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nodejs8-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4520-1 trafficserver -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=3b21ecf9ab12cf6e0b56a2ef2ccf56b8

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194352 - Security Advisory

Trust: 0.1

title:Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202565 - Security Advisory

Trust: 0.1

title:Apple: SwiftNIO HTTP/2 1.5.0url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=39f63f0751cdcda5bff86ad147e8e1d5

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-15] go: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-15

Trust: 0.1

title:Red Hat: Important: rh-nodejs10-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: twisted vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4308-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-16] go-pie: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-16

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4669-1 nodejs -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0919b27d8bf334fac6a8fbea7195b6b0

Trust: 0.1

title:Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201445 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat AMQ Broker 7.6 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200922 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1272url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1272

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cbf2ee0b22e92590472860fdb3718cab

Trust: 0.1

title:Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203197 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.5.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193892 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203196 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloudurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d

Trust: 0.1

title:IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM iurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8

Trust: 0.1

title:Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202067 - Security Advisory

Trust: 0.1

title:Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)url:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225

Trust: 0.1

title:metargeturl:https://github.com/brant-ruan/metarget

Trust: 0.1

title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/

Trust: 0.1

title:Threatposturl:https://threatpost.com/http-bugs/147405/

Trust: 0.1

sources: VULMON: CVE-2019-9514 // CNNVD: CNNVD-201908-931

EXTERNAL IDS

db:NVDid:CVE-2019-9514

Trust: 2.8

db:CERT/CCid:VU#605641

Trust: 2.6

db:MCAFEEid:SB10296

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2019/08/20/1

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2023/10/18/8

Trust: 1.0

db:CNNVDid:CNNVD-201908-931

Trust: 0.7

db:PACKETSTORMid:158651

Trust: 0.7

db:PACKETSTORMid:155352

Trust: 0.7

db:PACKETSTORMid:156941

Trust: 0.7

db:PACKETSTORMid:155396

Trust: 0.7

db:PACKETSTORMid:155484

Trust: 0.6

db:PACKETSTORMid:157214

Trust: 0.6

db:PACKETSTORMid:157741

Trust: 0.6

db:PACKETSTORMid:155705

Trust: 0.6

db:PACKETSTORMid:156852

Trust: 0.6

db:PACKETSTORMid:156209

Trust: 0.6

db:PACKETSTORMid:158095

Trust: 0.6

db:PACKETSTORMid:156628

Trust: 0.6

db:PACKETSTORMid:155520

Trust: 0.6

db:PACKETSTORMid:154135

Trust: 0.6

db:PACKETSTORMid:155728

Trust: 0.6

db:AUSCERTid:ESB-2019.4238

Trust: 0.6

db:AUSCERTid:ESB-2019.4737

Trust: 0.6

db:AUSCERTid:ESB-2019.4332

Trust: 0.6

db:AUSCERTid:ESB-2020.4324

Trust: 0.6

db:AUSCERTid:ESB-2020.1544

Trust: 0.6

db:AUSCERTid:ESB-2020.1030

Trust: 0.6

db:AUSCERTid:ESB-2020.2619

Trust: 0.6

db:AUSCERTid:ESB-2019.4533

Trust: 0.6

db:AUSCERTid:ESB-2020.0643

Trust: 0.6

db:AUSCERTid:ESB-2020.1766

Trust: 0.6

db:AUSCERTid:ESB-2019.3152

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2020.0994

Trust: 0.6

db:AUSCERTid:ESB-2019.3114

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0007

Trust: 0.6

db:AUSCERTid:ESB-2019.4645

Trust: 0.6

db:AUSCERTid:ESB-2019.4596

Trust: 0.6

db:AUSCERTid:ESB-2019.4586

Trust: 0.6

db:AUSCERTid:ESB-2020.0100

Trust: 0.6

db:AUSCERTid:ESB-2019.4788

Trust: 0.6

db:AUSCERTid:ESB-2020.2071

Trust: 0.6

db:AUSCERTid:ESB-2019.4697

Trust: 0.6

db:AUSCERTid:ESB-2019.4484

Trust: 0.6

db:AUSCERTid:ESB-2020.1335

Trust: 0.6

db:AUSCERTid:ESB-2020.1427

Trust: 0.6

db:AUSCERTid:ESB-2019.4368

Trust: 0.6

db:AUSCERTid:ESB-2019.4665

Trust: 0.6

db:AUSCERTid:ESB-2020.0832

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.3

Trust: 0.6

db:CS-HELPid:SB2022072128

Trust: 0.6

db:ICS CERTid:ICSA-19-346-01

Trust: 0.6

db:NSFOCUSid:43921

Trust: 0.6

db:PACKETSTORMid:158650

Trust: 0.2

db:VULHUBid:VHN-160949

Trust: 0.1

db:VULMONid:CVE-2019-9514

Trust: 0.1

db:PACKETSTORMid:154458

Trust: 0.1

db:PACKETSTORMid:154638

Trust: 0.1

db:PACKETSTORMid:154964

Trust: 0.1

db:PACKETSTORMid:155480

Trust: 0.1

db:PACKETSTORMid:155518

Trust: 0.1

db:PACKETSTORMid:154663

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // PACKETSTORM: 158650 // PACKETSTORM: 154458 // PACKETSTORM: 154638 // PACKETSTORM: 155352 // PACKETSTORM: 154964 // PACKETSTORM: 155480 // PACKETSTORM: 155518 // PACKETSTORM: 156941 // PACKETSTORM: 155396 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-931 // NVD: CVE-2019-9514

REFERENCES

url:https://www.debian.org/security/2019/dsa-4503

Trust: 3.0

url:https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Trust: 2.6

url:https://www.synology.com/security/advisory/synology_sa_19_33

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2019:3892

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:4021

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:4041

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:4273

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:4018

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4019

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4020

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4040

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4042

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4045

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4269

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:4352

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:2690

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2769

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2861

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2925

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3906

Trust: 1.9

url:https://usn.ubuntu.com/4308-1/

Trust: 1.9

url:https://seclists.org/bugtraq/2019/aug/24

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/31

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/43

Trust: 1.8

url:https://seclists.org/bugtraq/2019/sep/18

Trust: 1.8

url:https://kb.cert.org/vuls/id/605641/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0001/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0004/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0005/

Trust: 1.8

url:https://support.f5.com/csp/article/k01988340

Trust: 1.8

url:https://www.debian.org/security/2019/dsa-4508

Trust: 1.8

url:https://www.debian.org/security/2019/dsa-4520

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4669

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/16

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2019/08/20/1

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2594

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2661

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2682

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2726

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2766

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2796

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2939

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2955

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2966

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3131

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3245

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3265

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0406

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2020:0727

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 1.7

url:https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 1.0

url:https://access.redhat.com/security/updates/classification/#important

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 1.0

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 1.0

url:https://support.f5.com/csp/article/k01988340?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2023/10/18/8

Trust: 1.0

url:https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/

Trust: 1.0

url:https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752

Trust: 0.8

url:https://tools.ietf.org/html/rfc7540

Trust: 0.8

url:https://tools.ietf.org/html/rfc7541

Trust: 0.8

url:https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

Trust: 0.8

url:https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/

Trust: 0.8

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 0.8

url:https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e

Trust: 0.8

url:https://support.f5.com/csp/article/k01988340?utm_source=f5support&utm_medium=rss

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.7

url:http2-cves/

Trust: 0.6

url:https://www.cloudfoundry.org/blog/various-

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511

Trust: 0.6

url:https://support.apple.com/en-au/ht210436

Trust: 0.6

url:https://support.f5.com/csp/article/k50233772

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1126605

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1104951

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2019:3905

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-346-01

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109787

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109781

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1108515

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1109775

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165894

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165906

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1135167

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164346

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1164364

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1128387

Trust: 0.6

url:https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4368/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4788/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4586/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0994/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4332/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0643/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4484/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/

Trust: 0.6

url:http2-implementation-vulnerablility/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-

Trust: 0.6

url:https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2619/

Trust: 0.6

url:https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9514

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3114/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1335/

Trust: 0.6

url:https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.3/

Trust: 0.6

url:https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4737/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0832/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137466

Trust: 0.6

url:https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040

Trust: 0.6

url:https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43921

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1544/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2071/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127397

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1427/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4665/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/

Trust: 0.6

url:https://pivotal.io/security/cve-2019-9517

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4697/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4596/

Trust: 0.6

url:https://support.apple.com/en-us/ht210436

Trust: 0.6

url:https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1128279

Trust: 0.6

url:https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1766/

Trust: 0.6

url:https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072128

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3152/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/

Trust: 0.6

url:https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4324/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4533/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1150960

Trust: 0.6

url:https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0100/

Trust: 0.6

url:https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0007/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4238/

Trust: 0.6

url:https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1165852

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1030/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1127853

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1168528

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-9518

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9518

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11247

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11247

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14843

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14838

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10296

Trust: 0.1

url:https://support.f5.com/csp/article/k01988340?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/605641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11112

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11113

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1718

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11620

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14061

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1718

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14062

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.8.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10969

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7238

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11111

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7238

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11112

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10968

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11111

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10969

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14061

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14062

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10673

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.10/release_notes/ocp_3_10_r

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11796

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000850

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.5.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000850

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0201

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-17485

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8034

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11796

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1131

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14860

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-17485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14860

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_rel

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14439

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11272

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17570

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.6.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14439

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3802

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-15756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-16012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3802

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16012

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:0983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // PACKETSTORM: 158650 // PACKETSTORM: 154458 // PACKETSTORM: 154638 // PACKETSTORM: 155352 // PACKETSTORM: 154964 // PACKETSTORM: 155480 // PACKETSTORM: 155518 // PACKETSTORM: 156941 // PACKETSTORM: 155396 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-931 // NVD: CVE-2019-9514

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 158650 // PACKETSTORM: 154458 // PACKETSTORM: 154638 // PACKETSTORM: 155352 // PACKETSTORM: 154964 // PACKETSTORM: 155480 // PACKETSTORM: 155518 // PACKETSTORM: 156941 // PACKETSTORM: 155396 // PACKETSTORM: 154663

SOURCES

db:CERT/CCid:VU#605641
db:VULHUBid:VHN-160949
db:VULMONid:CVE-2019-9514
db:PACKETSTORMid:158650
db:PACKETSTORMid:154458
db:PACKETSTORMid:154638
db:PACKETSTORMid:155352
db:PACKETSTORMid:154964
db:PACKETSTORMid:155480
db:PACKETSTORMid:155518
db:PACKETSTORMid:156941
db:PACKETSTORMid:155396
db:PACKETSTORMid:154663
db:CNNVDid:CNNVD-201908-931
db:NVDid:CVE-2019-9514

LAST UPDATE DATE

2024-12-21T20:21:59.442000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#605641date:2019-11-19T00:00:00
db:VULHUBid:VHN-160949date:2020-10-22T00:00:00
db:VULMONid:CVE-2019-9514date:2020-12-09T00:00:00
db:CNNVDid:CNNVD-201908-931date:2022-07-22T00:00:00
db:NVDid:CVE-2019-9514date:2024-11-21T04:51:46.663

SOURCES RELEASE DATE

db:CERT/CCid:VU#605641date:2019-08-13T00:00:00
db:VULHUBid:VHN-160949date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-9514date:2019-08-13T00:00:00
db:PACKETSTORMid:158650date:2020-07-29T17:52:58
db:PACKETSTORMid:154458date:2019-09-11T19:58:47
db:PACKETSTORMid:154638date:2019-09-27T13:02:22
db:PACKETSTORMid:155352date:2019-11-15T16:16:10
db:PACKETSTORMid:154964date:2019-10-24T18:52:58
db:PACKETSTORMid:155480date:2019-11-27T15:38:24
db:PACKETSTORMid:155518date:2019-12-02T19:20:11
db:PACKETSTORMid:156941date:2020-03-27T13:16:40
db:PACKETSTORMid:155396date:2019-11-19T15:17:09
db:PACKETSTORMid:154663date:2019-09-30T13:33:33
db:CNNVDid:CNNVD-201908-931date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9514date:2019-08-13T21:15:12.443