mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.4 KiB
1.4 KiB
CVE-2019-9516
Description
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
POC
Reference
- https://kb.cert.org/vuls/id/605641/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://usn.ubuntu.com/4099-1/
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ChiomaDibor/Vulnerability-Management-of-a-Web-Server-Using-Nessus-and-Patch-Management-with-Ansible
- https://github.com/Cybervixy/Vulnerability-Management
- https://github.com/Oju-kwu/Vulnerability-Management-Lab
- https://github.com/Teedico/Nessus_Vulnerability_Assessment
- https://github.com/flyniu666/ingress-nginx-0.21-1.19.5
- https://github.com/rmtec/modeswitcher
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough