QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9515

Published: Aug 13, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

third-party-advisory

x_refsource_CERT-VN

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

x_refsource_MISC

[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks

mailing-list

x_refsource_MLIST

[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks

mailing-list

x_refsource_MLIST

[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks

mailing-list

x_refsource_MLIST

20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

mailing-list

x_refsource_BUGTRAQ

20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

mailing-list

x_refsource_FULLDISC

https://www.synology.com/security/advisory/Synology_SA_19_33

x_refsource_CONFIRM

https://support.f5.com/csp/article/K50233772

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190823-0005/

x_refsource_CONFIRM

FEDORA-2019-5a6a7bc12c

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-6a2980de56

vendor-advisory

x_refsource_FEDORA

20190825 [SECURITY] [DSA 4508-1] h2o security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_DEBIAN

20190910 [SECURITY] [DSA 4520-1] trafficserver security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2019:2114

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2115

vendor-advisory

x_refsource_SUSE

https://kc.mcafee.com/corporate/index?page=content&id=SB10296

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://support.f5.com/csp/article/K50233772?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.