Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-9515
Description:Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-9515
Bugtraq: 20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 (Google Search)
https://seclists.org/bugtraq/2019/Aug/24
Bugtraq: 20190825 [SECURITY] [DSA 4508-1] h2o security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/43
Bugtraq: 20190910 [SECURITY] [DSA 4520-1] trafficserver security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/18
CERT/CC vulnerability note: VU#605641
https://kb.cert.org/vuls/id/605641/
Debian Security Information: DSA-4508 (Google Search)
https://www.debian.org/security/2019/dsa-4508
Debian Security Information: DSA-4520 (Google Search)
https://www.debian.org/security/2019/dsa-4520
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
http://seclists.org/fulldisclosure/2019/Aug/16
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
RedHat Security Advisories: RHSA-2019:2766
https://access.redhat.com/errata/RHSA-2019:2766
RedHat Security Advisories: RHSA-2019:2796
https://access.redhat.com/errata/RHSA-2019:2796
RedHat Security Advisories: RHSA-2019:2861
https://access.redhat.com/errata/RHSA-2019:2861
RedHat Security Advisories: RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2925
RedHat Security Advisories: RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2939
RedHat Security Advisories: RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:2955
RedHat Security Advisories: RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3892
RedHat Security Advisories: RHSA-2019:4018
https://access.redhat.com/errata/RHSA-2019:4018
RedHat Security Advisories: RHSA-2019:4019
https://access.redhat.com/errata/RHSA-2019:4019
RedHat Security Advisories: RHSA-2019:4020
https://access.redhat.com/errata/RHSA-2019:4020
RedHat Security Advisories: RHSA-2019:4021
https://access.redhat.com/errata/RHSA-2019:4021
RedHat Security Advisories: RHSA-2019:4040
https://access.redhat.com/errata/RHSA-2019:4040
RedHat Security Advisories: RHSA-2019:4041
https://access.redhat.com/errata/RHSA-2019:4041
RedHat Security Advisories: RHSA-2019:4042
https://access.redhat.com/errata/RHSA-2019:4042
RedHat Security Advisories: RHSA-2019:4045
https://access.redhat.com/errata/RHSA-2019:4045
RedHat Security Advisories: RHSA-2019:4352
https://access.redhat.com/errata/RHSA-2019:4352
RedHat Security Advisories: RHSA-2020:0727
https://access.redhat.com/errata/RHSA-2020:0727
SuSE Security Announcement: openSUSE-SU-2019:2114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2019:2115 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
https://usn.ubuntu.com/4308-1/




© 1998-2021 E-Soft Inc. All rights reserved.