CVE-2019-9515

Опубликовано: 13 авг. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Средний

Описание

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/16
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2766
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2796
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2861
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3892
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4018
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4019
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4020
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4021
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4040
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4041
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4042
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4045
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4352
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.4.0 (включая)

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.12 (включая)

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*

Версия от 14.04 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.2.3 (включая)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.1.6 (включая)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.0.3 (включая)

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*

cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 9

Одно из

cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*

cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 10

cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*

Конфигурация 11

Одно из

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 7.7.2.0 (включая) до 7.7.2.24 (исключая)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 7.8.2.0 (включая) до 7.8.2.13 (исключая)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 8.1.0 (включая) до 8.2.0 (исключая)

Конфигурация 12

Одно из