ID

VAR-201908-0266


CVE

CVE-2019-9516


TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx110-nginx security update Advisory ID: RHSA-2019:2745-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary: An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx110-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXoyktzjgjWX9erEAQhqVxAApUw26k8XmcjEQM1gNlPgcNvj98eqGOxP vsQLEYCjMQuNtZdeZdgSGv1RLdIxK60CByHpOpy4HVa2cN96CLTDl+cRd2l5JyK2 mVCGTg6Iyin0Vp0gRLG8xwUZqiqfwRRmdvFaK2YD8sH3ykBAheg3udRBr11/l8X+ 4kBCmOttfl0ZTNe/VBi8j5l8bpSZm2W9Hw0gzdzFikI8ScPSOzZkmgRXT3LBCt2k rNGGNrrJLOC9jqwsNea6WXIpmTIdbtiAnL6V22adVjdBGkoJBxe79pqdgvJNYC14 ENl1NKX0UEidrYZ/PS6YtCnFNEpsONM43ZtHliEzMxYCnk/pQNAx4iArdf81tKG6 uglPwQlgaEJm+/2Nnlst07cABT9boYOUcGiKpQhzzs9QuABqJN1u2ZgTDmQkq9gU BGuV3ejUHRHlYuMyNNS/L9SLDAHptsCEzpEzr8Vl4T+m1ah9+AUeI+PqgO1n/1Nl Omt/g+f6ErlKMF2Jf8VkuYnLroqptZefYQJ1+mP9PhYYCh7jw3r00xi036SNeR/0 Elhvl6t48tYTZogIaOetCuJGgukluOPlYBJAlj2/pQjWlAWAYvvb5ha0fitXbDJR LF0KoJoT/6yZLD+XAuHkM9j7spA0iND1czI5j1Ay6R6DnsGAubJxdB4L0RRQ2U7X zMtgbVh8BNU=zH69 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Fixed repository mirror credentials properly escaped to allow special characters * Fixed repository mirror UI cancel button enabled * Fixed repository mirror UI change next sync date 3. Solution: Please download the release images via: quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1 4. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 SwiftNIO HTTP/2 1.5.0 is now available and addresses the following: SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team Installation note: SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). 8) - aarch64, noarch, ppc64le, s390x, x86_64 3

Trust: 2.7

sources: NVD: CVE-2019-9516 // CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154470 // PACKETSTORM: 154725 // PACKETSTORM: 156941 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 154058 // PACKETSTORM: 154693 // PACKETSTORM: 154663

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:quayscope:eqversion:3.0.0

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:openshift service meshscope:eqversion:1.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.9.5

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.17.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.8.2.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:applemodel:swiftnioscope:lteversion:1.4.0

Trust: 1.0

vendor:applemodel:swiftnioscope:gteversion:1.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:8.0.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:7.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.8.1

Trust: 1.0

vendor:apachemodel:traffic serverscope:gteversion:6.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:10.16.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:7.7.2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2.0

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.17.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.2.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.8.2.13

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.16.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:redhatmodel:jboss core servicesscope:eqversion:1.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:8.2.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:7.1.6

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:6.2.3

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:gteversion:8.1.0

Trust: 1.0

vendor:redhatmodel:software collectionsscope:eqversion:1.0

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:ltversion:7.7.2.24

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.16.1

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3.0

Trust: 1.0

vendor:apachemodel:traffic serverscope:lteversion:8.0.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:akamaimodel: - scope: - version: -

Trust: 0.8

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:apache traffic servermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:cloudflaremodel: - scope: - version: -

Trust: 0.8

vendor:envoymodel: - scope: - version: -

Trust: 0.8

vendor:facebookmodel: - scope: - version: -

Trust: 0.8

vendor:go programming languagemodel: - scope: - version: -

Trust: 0.8

vendor:litespeedmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:nettymodel: - scope: - version: -

Trust: 0.8

vendor:node jsmodel: - scope: - version: -

Trust: 0.8

vendor:synologymodel: - scope: - version: -

Trust: 0.8

vendor:twistedmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:grpcmodel: - scope: - version: -

Trust: 0.8

vendor:nghttp2model: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9516
value: MEDIUM

Trust: 1.0

cret@cert.org: CVE-2019-9516
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201908-938
value: MEDIUM

Trust: 0.6

VULHUB: VHN-160951
value: HIGH

Trust: 0.1

VULMON: CVE-2019-9516
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9516
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-160951
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9516
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9516
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516 // NVD: CVE-2019-9516

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-160951 // NVD: CVE-2019-9516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-938

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-938

PATCH

title:HTTP/2 Remedial measures to achieve security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96621

Trust: 0.6

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192950 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192946 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx110-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192745 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx114-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192775 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nginx:1.14 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192799 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nginx112-nginx security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192746 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Quay v3.1.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-9516url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9516

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=aa3f98e7e42f366cb232cf3ada195106

Trust: 0.1

title:Ubuntu Security Notice: nginx vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4099-1

Trust: 0.1

title:Debian Security Advisories: DSA-4505-1 nginx -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b38c3ef2fccf5f32d01340c117d4ef05

Trust: 0.1

title:Red Hat: Important: nodejs:10 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9516

Trust: 0.1

title:Red Hat: Important: rh-nodejs8-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rh-nodejs10-nodejs security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-13] nginx: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-13

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1299url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1299

Trust: 0.1

title:Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-12

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1342url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1342

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201445 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat AMQ Broker 7.6 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200922 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd

Trust: 0.1

title:IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloudurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d

Trust: 0.1

title:IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Managementurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM iurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c

Trust: 0.1

title:Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)url:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225

Trust: 0.1

title:bogeitingressurl:https://github.com/lieshoujieyuan/bogeitingress

Trust: 0.1

title:DC-4-Vulnhub-Walkthroughurl:https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough

Trust: 0.1

title: - url:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:Threatposturl:https://threatpost.com/http-bugs/147405/

Trust: 0.1

sources: VULMON: CVE-2019-9516 // CNNVD: CNNVD-201908-938

EXTERNAL IDS

db:NVDid:CVE-2019-9516

Trust: 2.8

db:CERT/CCid:VU#605641

Trust: 2.6

db:MCAFEEid:SB10296

Trust: 1.8

db:CNNVDid:CNNVD-201908-938

Trust: 0.7

db:PACKETSTORMid:156941

Trust: 0.7

db:AUSCERTid:ESB-2019.3116

Trust: 0.6

db:AUSCERTid:ESB-2019.3213

Trust: 0.6

db:AUSCERTid:ESB-2019.4788

Trust: 0.6

db:AUSCERTid:ESB-2019.3129

Trust: 0.6

db:AUSCERTid:ESB-2020.1076

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.3

Trust: 0.6

db:AUSCERTid:ESB-2019.4645

Trust: 0.6

db:AUSCERTid:ESB-2019.4403

Trust: 0.6

db:AUSCERTid:ESB-2020.1335

Trust: 0.6

db:AUSCERTid:ESB-2019.3597.2

Trust: 0.6

db:AUSCERTid:ESB-2019.3299

Trust: 0.6

db:AUSCERTid:ESB-2020.0100

Trust: 0.6

db:AUSCERTid:ESB-2020.1030

Trust: 0.6

db:PACKETSTORMid:154190

Trust: 0.6

db:PACKETSTORMid:155414

Trust: 0.6

db:PACKETSTORMid:157214

Trust: 0.6

db:PACKETSTORMid:156852

Trust: 0.6

db:PACKETSTORMid:154697

Trust: 0.1

db:PACKETSTORMid:154698

Trust: 0.1

db:VULHUBid:VHN-160951

Trust: 0.1

db:VULMONid:CVE-2019-9516

Trust: 0.1

db:PACKETSTORMid:154712

Trust: 0.1

db:PACKETSTORMid:155417

Trust: 0.1

db:PACKETSTORMid:154470

Trust: 0.1

db:PACKETSTORMid:154725

Trust: 0.1

db:PACKETSTORMid:155416

Trust: 0.1

db:PACKETSTORMid:154471

Trust: 0.1

db:PACKETSTORMid:154058

Trust: 0.1

db:PACKETSTORMid:154693

Trust: 0.1

db:PACKETSTORMid:154663

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154470 // PACKETSTORM: 154725 // PACKETSTORM: 156941 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 154058 // PACKETSTORM: 154693 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516

REFERENCES

url:https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Trust: 2.6

url:https://www.synology.com/security/advisory/synology_sa_19_33

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 2.5

url:https://usn.ubuntu.com/4099-1/

Trust: 2.5

url:https://www.debian.org/security/2019/dsa-4505

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:2745

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2746

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2925

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2939

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2955

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:2966

Trust: 1.9

url:https://seclists.org/bugtraq/2019/aug/24

Trust: 1.8

url:https://seclists.org/bugtraq/2019/aug/40

Trust: 1.8

url:https://kb.cert.org/vuls/id/605641/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0002/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190823-0005/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/16

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2775

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2799

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2946

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2950

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html

Trust: 1.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10296

Trust: 1.7

url:https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 1.6

url:https://support.f5.com/csp/article/k02591030

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/

Trust: 1.0

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.9

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752

Trust: 0.8

url:https://tools.ietf.org/html/rfc7540

Trust: 0.8

url:https://tools.ietf.org/html/rfc7541

Trust: 0.8

url:https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

Trust: 0.8

url:https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/

Trust: 0.8

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.8

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 0.6

url:http2-cves/

Trust: 0.6

url:https://www.cloudfoundry.org/blog/various-

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512

Trust: 0.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511

Trust: 0.6

url:https://support.f5.com/csp/article/k50233772

Trust: 0.6

url:http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4645/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4403/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4788/

Trust: 0.6

url:https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html

Trust: 0.6

url:https://pivotal.io/security/cve-2019-9517

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/

Trust: 0.6

url:https://support.apple.com/en-us/ht210436

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143454

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3116/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3213/

Trust: 0.6

url:https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3299/

Trust: 0.6

url:https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1335/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1072144

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3597.3/

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1150960

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1137466

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0100/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1167160

Trust: 0.6

url:https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3129/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1076/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1030/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-9518

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9518

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10296

Trust: 0.1

url:https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60633

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/605641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14439

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11272

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17570

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.6.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-11771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14439

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3802

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-15756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-16012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12384

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3802

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16012

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:0983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://github.com/apple/swift-nio-http2/releases/tag/1.5.0.

Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160951 // VULMON: CVE-2019-9516 // PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154470 // PACKETSTORM: 154725 // PACKETSTORM: 156941 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 154058 // PACKETSTORM: 154693 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-938 // NVD: CVE-2019-9516

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 154712 // PACKETSTORM: 155417 // PACKETSTORM: 154470 // PACKETSTORM: 154725 // PACKETSTORM: 156941 // PACKETSTORM: 155416 // PACKETSTORM: 154471 // PACKETSTORM: 154693 // PACKETSTORM: 154663

SOURCES

db:CERT/CCid:VU#605641
db:VULHUBid:VHN-160951
db:VULMONid:CVE-2019-9516
db:PACKETSTORMid:154712
db:PACKETSTORMid:155417
db:PACKETSTORMid:154470
db:PACKETSTORMid:154725
db:PACKETSTORMid:156941
db:PACKETSTORMid:155416
db:PACKETSTORMid:154471
db:PACKETSTORMid:154058
db:PACKETSTORMid:154693
db:PACKETSTORMid:154663
db:CNNVDid:CNNVD-201908-938
db:NVDid:CVE-2019-9516

LAST UPDATE DATE

2024-11-20T22:25:37.246000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#605641date:2019-11-19T00:00:00
db:VULHUBid:VHN-160951date:2020-10-22T00:00:00
db:VULMONid:CVE-2019-9516date:2022-08-05T00:00:00
db:CNNVDid:CNNVD-201908-938date:2021-10-29T00:00:00
db:NVDid:CVE-2019-9516date:2023-11-07T03:13:42.893

SOURCES RELEASE DATE

db:CERT/CCid:VU#605641date:2019-08-13T00:00:00
db:VULHUBid:VHN-160951date:2019-08-13T00:00:00
db:VULMONid:CVE-2019-9516date:2019-08-13T00:00:00
db:PACKETSTORMid:154712date:2019-10-02T15:03:59
db:PACKETSTORMid:155417date:2019-11-20T21:11:11
db:PACKETSTORMid:154470date:2019-09-12T14:32:43
db:PACKETSTORMid:154725date:2019-10-03T20:31:49
db:PACKETSTORMid:156941date:2020-03-27T13:16:40
db:PACKETSTORMid:155416date:2019-11-20T20:55:55
db:PACKETSTORMid:154471date:2019-09-12T14:32:51
db:PACKETSTORMid:154058date:2019-08-14T22:22:22
db:PACKETSTORMid:154693date:2019-09-30T22:22:22
db:PACKETSTORMid:154663date:2019-09-30T13:33:33
db:CNNVDid:CNNVD-201908-938date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9516date:2019-08-13T21:15:12.583