mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
412 lines
16 KiB
JSON
412 lines
16 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"AKA": "HTTP/2 Ping Flood",
|
|
"ASSIGNER": "cert@cert.org",
|
|
"ID": "CVE-2019-9512",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.7"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-400 Uncontrolled Resource Consumption"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "VU#605641",
|
|
"refsource": "CERT-VN",
|
|
"url": "https://kb.cert.org/vuls/id/605641/"
|
|
},
|
|
{
|
|
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
|
|
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
|
|
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
|
|
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
|
|
"url": "https://seclists.org/bugtraq/2019/Aug/24"
|
|
},
|
|
{
|
|
"refsource": "FULLDISC",
|
|
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
|
|
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
|
|
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
|
|
"url": "https://seclists.org/bugtraq/2019/Aug/31"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4503",
|
|
"url": "https://www.debian.org/security/2019/dsa-4503"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://support.f5.com/csp/article/K98053339",
|
|
"url": "https://support.f5.com/csp/article/K98053339"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
|
|
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20190823-0001/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20190823-0004/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2000",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2019-5a6a7bc12c",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2019-6a2980de56",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
|
|
"url": "https://seclists.org/bugtraq/2019/Aug/43"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4508",
|
|
"url": "https://www.debian.org/security/2019/dsa-4508"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2056",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2072",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2019-55d101a740",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2019-65db7ad6c7",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2085",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2682",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4520",
|
|
"url": "https://www.debian.org/security/2019/dsa-4520"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2726",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
|
|
"url": "https://seclists.org/bugtraq/2019/Sep/18"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2594",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2114",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2115",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2661",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296",
|
|
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2690",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2766",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2019:2130",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2796",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2861",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2925",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2939",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2955",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2966",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS",
|
|
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3131",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2769",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3245",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3265",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3892",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3906",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4018",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4019",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4021",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4020",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4045",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4042",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4040",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4041",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4269",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4273",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4352",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2020:0406",
|
|
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2020:0727",
|
|
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
|
|
},
|
|
{
|
|
"refsource": "UBUNTU",
|
|
"name": "USN-4308-1",
|
|
"url": "https://usn.ubuntu.com/4308-1/"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |