ID

VAR-201908-0266


CVE

CVE-2019-9516


TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2.

A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.

JIRA issues fixed (https://issues.jboss.org/):

JBCS-826 - Rebase nghttp2 to 1.39.2

7. Bug Fix(es):

* Fixed repository mirror credentials properly escaped to allow special characters
* Fixed repository mirror UI cancel button enabled
* Fixed repository mirror UI change next sync date

3. Solution:

Please download the release images via:

quay.io/redhat/quay:v3.1.1
quay.io/redhat/clair-jwt:v3.1.1
quay.io/redhat/quay-builder:v3.1.1

4. Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.
Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically.

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nginx112-nginx security update
Advisory ID: RHSA-2019:2746-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746
Issue date: 2019-09-12
CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
====================================================================

1. Summary:

An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx112-nginx service must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption
1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service
1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9511
https://access.redhat.com/security/cve/CVE-2019-9513
https://access.redhat.com/security/cve/CVE-2019-9516
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update).

8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3)

Trust: 2.52

sources: NVD: CVE-2019-9516 // CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 155417 // PACKETSTORM: 154697 // PACKETSTORM: 157214 // PACKETSTORM: 154725 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 156852 // PACKETSTORM: 154663

AFFECTED PRODUCTS

vendor: apache // model: traffic server // scope: lte // version: 6.2.3

Trust: 1.0

vendor: f5 // model: nginx // scope: lt // version: 1.16.1

Trust: 1.0

vendor: apache // model: traffic server // scope: gte // version: 6.0.0

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 19.04

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 8.0.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 10.0.0

Trust: 1.0

vendor: apache // model: traffic server // scope: gte // version: 7.0.0

Trust: 1.0

vendor: oracle // model: graalvm // scope: eq // version: 19.2.0

Trust: 1.0

vendor: redhat // model: quay // scope: eq // version: 3.0.0

Trust: 1.0

vendor: f5 // model: nginx // scope: gte // version: 1.17.0

Trust: 1.0

vendor: redhat // model: jboss enterprise application platform // scope: eq // version: 7.3.0

Trust: 1.0

vendor: mcafee // model: web gateway // scope: gte // version: 7.7.2.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 12.8.1

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 29

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 32

Trust: 1.0

vendor: apache // model: traffic server // scope: lte // version: 8.0.3

Trust: 1.0

vendor: redhat // model: software collections // scope: eq // version: 1.0

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 10.16.3

Trust: 1.0

vendor: synology // model: vs960hd // scope: eq // version: -

Trust: 1.0

vendor: mcafee // model: web gateway // scope: gte // version: 8.1.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 30

Trust: 1.0

vendor: f5 // model: nginx // scope: lte // version: 1.17.2

Trust: 1.0

vendor: synology // model: diskstation manager // scope: eq // version: 6.2

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 9.0

Trust: 1.0

vendor: mcafee // model: web gateway // scope: lt // version: 7.8.2.13

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 18.04

Trust: 1.0

vendor: nodejs // model: node.js // scope: lt // version: 8.16.1

Trust: 1.0

vendor: apple // model: swiftnio // scope: lte // version: 1.4.0

Trust: 1.0

vendor: opensuse // model: leap // scope: eq // version: 15.0

Trust: 1.0

vendor: synology // model: skynas // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: openshift service mesh // scope: eq // version: 1.0

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 16.04

Trust: 1.0

vendor: nodejs // model: node.js // scope: gte // version: 12.0.0

Trust: 1.0

vendor: redhat // model: jboss enterprise application platform // scope: eq // version: 7.2.0

Trust: 1.0

vendor: mcafee // model: web gateway // scope: gte // version: 7.8.2.0

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 8.0

Trust: 1.0

vendor: apache // model: traffic server // scope: lte // version: 7.1.6

Trust: 1.0

vendor: apache // model: traffic server // scope: gte // version: 8.0.0

Trust: 1.0

vendor: f5 // model: nginx // scope: gte // version: 1.9.5

Trust: 1.0

vendor: opensuse // model: leap // scope: eq // version: 15.1

Trust: 1.0

vendor: mcafee // model: web gateway // scope: lt // version: 8.2.0

Trust: 1.0

vendor: apple // model: swiftnio // scope: gte // version: 1.0.0

Trust: 1.0

vendor: redhat // model: jboss core services // scope: eq // version: 1.0

Trust: 1.0

vendor: mcafee // model: web gateway // scope: lt // version: 7.7.2.24

Trust: 1.0

vendor: akamai // model: - // scope: - // version: -

Trust: 0.8

vendor: amazon // model: - // scope: - // version: -

Trust: 0.8

vendor: apache traffic server // model: - // scope: - // version: -

Trust: 0.8

vendor: apple // model: - // scope: - // version: -

Trust: 0.8

vendor: cloudflare // model: - // scope: - // version: -

Trust: 0.8

vendor: envoy // model: - // scope: - // version: -

Trust: 0.8

vendor: facebook // model: - // scope: - // version: -

Trust: 0.8

vendor: go programming language // model: - // scope: - // version: -

Trust: 0.8

vendor: litespeed // model: - // scope: - // version: -

Trust: 0.8

vendor: microsoft // model: - // scope: - // version: -

Trust: 0.8

vendor: netty // model: - // scope: - // version: -

Trust: 0.8

vendor: node js // model: - // scope: - // version: -

Trust: 0.8

vendor: synology // model: - // scope: - // version: -

Trust: 0.8

vendor: twisted // model: - // scope: - // version: -

Trust: 0.8

vendor: ubuntu // model: - // scope: - // version: -

Trust: 0.8

vendor: grpc // model: - // scope: - // version: -

Trust: 0.8

vendor: nghttp2 // model: - // scope: - // version: -

Trust: 0.8

vendor: nginx // model: - // scope: - // version: -

Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9516

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-9516
value: MEDIUM

Trust: 1.0

cret@cert.org: CVE-2019-9516
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-938
value: MEDIUM

Trust: 0.6

VULHUB: VHN-160951
value: HIGH

Trust: 0.1

VULMON: CVE-2019-9516
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-9516
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160951
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-9516
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9516
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516 // NVD: CVE-2019-9516

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-160951 // NVD: CVE-2019-9516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-938

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-938

PATCH

title: HTTP/2 Remedial measures to achieve security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96621

Trust: 0.6

title: Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192950 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192946 - Security Advisory

Trust: 0.1

title: Red Hat: Important: rh-nginx110-nginx security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192745 - Security Advisory

Trust: 0.1

title: Red Hat: Important: rh-nginx114-nginx security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192775 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nginx:1.14 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192799 - Security Advisory

Trust: 0.1

title: Red Hat: Important: rh-nginx112-nginx security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192746 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Quay v3.1.1 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2019-9516 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9516

Trust: 0.1

title: Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 // url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=aa3f98e7e42f366cb232cf3ada195106

Trust: 0.1

title: Ubuntu Security Notice: nginx vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4099-1

Trust: 0.1

title: Debian Security Advisories: DSA-4505-1 nginx -- security update // url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b38c3ef2fccf5f32d01340c117d4ef05

Trust: 0.1

title: Red Hat: Important: nodejs:10 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory

Trust: 0.1

title: Arch Linux Issues: // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9516

Trust: 0.1

title: Red Hat: Important: rh-nodejs8-nodejs security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory

Trust: 0.1

title: Red Hat: Important: rh-nodejs10-nodejs security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory

Trust: 0.1

title: Arch Linux Advisories: [ASA-201908-13] nginx: denial of service // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-13

Trust: 0.1

title: Amazon Linux AMI: ALAS-2019-1299 // url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1299

Trust: 0.1

title: Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-12

Trust: 0.1

title: Amazon Linux 2: ALAS2-2019-1342 // url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1342

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201445 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200922 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.6.0 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title: IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities. // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd

Trust: 0.1

title: IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d

Trust: 0.1

title: IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8

Trust: 0.1

title: IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c

Trust: 0.1

title: Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641) // url: https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225

Trust: 0.1

title: bogeitingress // url: https://github.com/lieshoujieyuan/bogeitingress

Trust: 0.1

title: DC-4-Vulnhub-Walkthrough // url: https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough

Trust: 0.1

title: - // url: https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title: Threatpost // url: https://threatpost.com/http-bugs/147405/

Trust: 0.1

sources: VULMON: CVE-2019-9516 // CNNVD: CNNVD-201908-938

EXTERNAL IDS

db: CERT/CC // id: VU#605641

Trust: 2.6

db: NVD // id: CVE-2019-9516

Trust: 2.6

db: MCAFEE // id: SB10296

Trust: 1.8

db: CNNVD // id: CNNVD-201908-938

Trust: 0.7

db: PACKETSTORM // id: 157214

Trust: 0.7

db: PACKETSTORM // id: 156852

Trust: 0.7

db: AUSCERT // id: ESB-2019.3116

Trust: 0.6

db: AUSCERT // id: ESB-2019.3213

Trust: 0.6

db: AUSCERT // id: ESB-2019.4788

Trust: 0.6

db: AUSCERT // id: ESB-2019.3129

Trust: 0.6

db: AUSCERT // id: ESB-2020.1076

Trust: 0.6

db: AUSCERT // id: ESB-2019.3597.3

Trust: 0.6

db: AUSCERT // id: ESB-2019.4645

Trust: 0.6

db: AUSCERT // id: ESB-2019.4403

Trust: 0.6

db: AUSCERT // id: ESB-2020.1335

Trust: 0.6

db: AUSCERT // id: ESB-2019.3597.2

Trust: 0.6

db: AUSCERT // id: ESB-2019.3299

Trust: 0.6

db: AUSCERT // id: ESB-2020.0100

Trust: 0.6

db: AUSCERT // id: ESB-2020.1030

Trust: 0.6

db: PACKETSTORM // id: 156941

Trust: 0.6

db: PACKETSTORM // id: 154190

Trust: 0.6

db: PACKETSTORM // id: 155414

Trust: 0.6

db: PACKETSTORM // id: 154697

Trust: 0.2

db: PACKETSTORM // id: 154698

Trust: 0.1

db: VULHUB // id: VHN-160951

Trust: 0.1

db: VULMON // id: CVE-2019-9516

Trust: 0.1

db: PACKETSTORM // id: 155417

Trust: 0.1

db: PACKETSTORM // id: 154725

Trust: 0.1

db: PACKETSTORM // id: 155416

Trust: 0.1

db: PACKETSTORM // id: 154471

Trust: 0.1

db: PACKETSTORM // id: 154663

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 155417 // PACKETSTORM: 154697 // PACKETSTORM: 157214 // PACKETSTORM: 154725 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 156852 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516

REFERENCES

url:https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Trust: 2.6

url:https://www.synology.com/security/advisory/synology_sa_19_33

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 2.5

url:https://usn.ubuntu.com/4099-1/

Trust: 2.5

url:https://www.debian.org/security/2019/dsa-4505

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:2746

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2925

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2946

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2966

Trust: 1.9

url:https://seclists.org/bugtraq/2019/aug/24

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/40

Trust: 1.8

url:https://kb.cert.org/vuls/id/605641/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0002/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0005/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/16

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2745

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2775

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2799

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2939

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2950

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2955

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 1.7

url:https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 1.4

url:https://support.f5.com/csp/article/k02591030

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/

Trust: 1.0

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss

Trust: 1.0

url:https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752

Trust: 0.8

url:https://tools.ietf.org/html/rfc7540

Trust: 0.8

url:https://tools.ietf.org/html/rfc7541

Trust: 0.8

url:https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

Trust: 0.8

url:https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/

Trust: 0.8

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://bugzilla.redhat.com/

Trust: 0.8

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.6

url:http2-cves/

Trust: 0.6

url:https://www.cloudfoundry.org/blog/various-

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511

Trust: 0.6

url:https://support.f5.com/csp/article/k50233772

Trust: 0.6

url:http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4403/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4788/

Trust: 0.6

url:https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html

Trust: 0.6

url:https://pivotal.io/security/cve-2019-9517

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/

Trust: 0.6

url:https://support.apple.com/en-us/ht210436

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143454

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3116/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3213/

Trust: 0.6

url:https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3299/

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1335/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1072144

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.3/

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1150960

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137466

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0100/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1167160

Trust: 0.6

url:https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3129/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1030/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9518

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9518

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20444

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10247

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20444

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7238

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-7238

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10241

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10247

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10241

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 0.1

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60633

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/605641

Trust: 0.1

url:https://issues.jboss.org/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.4.3

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1445

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.6.0&productchanged=yes

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:0922

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 155417 // PACKETSTORM: 154697 // PACKETSTORM: 157214 // PACKETSTORM: 154725 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 156852 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 155417 // PACKETSTORM: 154697 // PACKETSTORM: 157214 // PACKETSTORM: 154725 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 156852 // PACKETSTORM: 154663

SOURCES

db:CERT/CCid:VU#605641
db:VULHUBid:VHN-160951
db:VULMONid:CVE-2019-9516
db:PACKETSTORMid:155417
db:PACKETSTORMid:154697
db:PACKETSTORMid:157214
db:PACKETSTORMid:154725
db:PACKETSTORMid:155416
db:PACKETSTORMid:154471
db:PACKETSTORMid:156852
db:PACKETSTORMid:154663
db:CNNVDid:CNNVD-201908-938
db:NVDid:CVE-2019-9516

LAST UPDATE DATE

2024-12-21T21:02:57.791000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#605641date:2019-11-19T00:00:00
db:VULHUBid:VHN-160951date:2020-10-22T00:00:00
db:VULMONid:CVE-2019-9516date:2022-08-05T00:00:00
db:CNNVDid:CNNVD-201908-938date:2021-10-29T00:00:00
db:NVDid:CVE-2019-9516date:2024-11-21T04:51:47.107

SOURCES RELEASE DATE

db:CERT/CCid:VU#605641date:2019-08-13T00:00:00
db:VULHUBid:VHN-160951date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-9516date:2019-08-13T00:00:00
db:PACKETSTORMid:155417date:2019-11-20T21:11:11
db:PACKETSTORMid:154697date:2019-10-01T20:45:33
db:PACKETSTORMid:157214date:2020-04-14T15:39:41
db:PACKETSTORMid:154725date:2019-10-03T20:31:49
db:PACKETSTORMid:155416date:2019-11-20T20:55:55
db:PACKETSTORMid:154471date:2019-09-12T14:32:51
db:PACKETSTORMid:156852date:2020-03-23T15:57:42
db:PACKETSTORMid:154663date:2019-09-30T13:33:33
db:CNNVDid:CNNVD-201908-938date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9516date:2019-08-13T21:15:12.583