Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-9518
Description:Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-9518
Bugtraq: 20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 (Google Search)
Bugtraq: 20190910 [SECURITY] [DSA 4520-1] trafficserver security update (Google Search)
CERT/CC vulnerability note: VU#605641
Debian Security Information: DSA-4520 (Google Search)
RedHat Security Advisories: RHSA-2019:2925
RedHat Security Advisories: RHSA-2019:2939
RedHat Security Advisories: RHSA-2019:2955
RedHat Security Advisories: RHSA-2019:3892
RedHat Security Advisories: RHSA-2019:4352
RedHat Security Advisories: RHSA-2020:0727
SuSE Security Announcement: openSUSE-SU-2019:2114 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:2115 (Google Search)

© 1998-2021 E-Soft Inc. All rights reserved.