Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-9518
Description:Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-9518
Bugtraq: 20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0 (Google Search)
https://seclists.org/bugtraq/2019/Aug/24
Bugtraq: 20190910 [SECURITY] [DSA 4520-1] trafficserver security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/18
CERT/CC vulnerability note: VU#605641
https://kb.cert.org/vuls/id/605641/
Debian Security Information: DSA-4520 (Google Search)
https://www.debian.org/security/2019/dsa-4520
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
http://seclists.org/fulldisclosure/2019/Aug/16
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E
RedHat Security Advisories: RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2925
RedHat Security Advisories: RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2939
RedHat Security Advisories: RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:2955
RedHat Security Advisories: RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:3892
RedHat Security Advisories: RHSA-2019:4352
https://access.redhat.com/errata/RHSA-2019:4352
RedHat Security Advisories: RHSA-2020:0727
https://access.redhat.com/errata/RHSA-2020:0727
SuSE Security Announcement: openSUSE-SU-2019:2114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2019:2115 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html




© 1998-2021 E-Soft Inc. All rights reserved.