QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9513

Published: Aug 13, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

third-party-advisory

x_refsource_CERT-VN

vendor-advisory

x_refsource_UBUNTU

FEDORA-2019-befd924cfe

vendor-advisory

x_refsource_FEDORA

20190822 [SECURITY] [DSA 4505-1] nginx security update

mailing-list

x_refsource_BUGTRAQ

FEDORA-2019-81985a8858

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

FEDORA-2019-5a6a7bc12c

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-6a2980de56

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-8a437d5c2f

vendor-advisory

x_refsource_FEDORA

20190902 [SECURITY] [DSA 4511-1] nghttp2 security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

FEDORA-2019-7a0b45fdc4

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:2120

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2114

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2115

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:2232

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2234

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2019:2264

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

x_refsource_MISC

https://www.synology.com/security/advisory/Synology_SA_19_33

x_refsource_CONFIRM

https://support.f5.com/csp/article/K02591030

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190823-0002/

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190823-0005/

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10296

x_refsource_CONFIRM

https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2019-9513 | HIGH (7.5) - Security Vulnerability | QwikSec