Details of VAR-201908-0264

ID

VAR-201908-0264

CVE

CVE-2019-9514

TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387). Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update Advisory ID: RHSA-2019:4020-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:4020 Issue date: 2019-11-26 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-14838 CVE-2019-14843 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.2 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838) * wildfly: wildfly-security-manager: security manager authorization bypass (CVE-2019-14843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 7. Package List: Red Hat JBoss EAP 7.2 for RHEL 8: Source: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.src.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.src.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.src.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.src.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el8eap.noarch.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el8eap.noarch.rpm eap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el8eap.noarch.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el8eap.noarch.rpm x86_64: eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm eap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el8eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/cve/CVE-2019-14843 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXd2ER9zjgjWX9erEAQi1nA//e/jdUS+GE7oei/yPvjlAKslkR7KbSyAi 4u4w9dQImFgMkxulKqE9r0Tap3ZsiWexVEEJdHBWX7EY84RfrriHRMC0AAxmDZxs jnWhtYQK9uERcWM5pa/ACwRAe218/204USjS8sLwRhWBOTnHVLHO53bPJiz+lG8o KPFuGHgzjVwKnfysJkK7em//Uf1IujwjUk2bE2VYdwhESvgH1KcMebjYTtr2uvS3 An9aAOwmBvUZhD2CSmZjDLVefTyFJBsG0+asLAdQzYQgLfHwYOpCdI3+vifUZ7Vq X1xeise2mgzJmYTsrbcrbeyeoZMCSfyiXzcJIVC165AxmPNVSELXDwi3Yd3NZma5 UTwYB8Wk69/hGEH4Qy6KQeOC0FdN8hqZxbd1zQauHCcBzOPIoQKUqM2iq8pdICI5 rz222ke6S/GGoUgl6zHHwd9/g/MQTZze+cj1KBsQpUQV04eIQkoUMkOJMX8m7J+z Oq2ZywqOwbpjQFFfU5A99OWivBaR2T+j1DZaKnlinCJy17Yw/rxUqBAcJEYal2jZ dG8i0ff5NZoG4kRr7yeYgxzGkwia4m7aSqP8vghhCWWc84wKb6TACjJqub8o6dnc Zvzldas6wdnUV8ewwv2iyIbO6juWjDa94o2H6jbVx16anlkepHVTdTHWJ85dUHIE K2lmfSkSJk0= =+f4c -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip 6. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Description: The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): * avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318) * backport json-file logging support to 1.4.2 (BZ#1770176) * Selinux won't allow SCTP inter pod communication (BZ#1774382) 4. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11815 - Tracker bug for the RH-SSO 7.3.5 release for RHEL6 7. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). For the stable distribution (buster), these problems have been fixed in version 1.11.6-1+deb10u1. We recommend that you upgrade your golang-1.11 packages. For the detailed security status of golang-1.11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/golang-1.11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1ZlroACgkQEMKTtsN8 TjZChQ//Vz4y63s3LD3Vz7oJLjchohCR9kHInoJcLM09osvIwBvi5rl/MnsEPUpP 8aMsDt50fZk/YhWSWQsmMCIQT+5CtjUOVbYnThHY5Hy+TpfgwVfe4JHIui5SEqDt 7K0VH7lIgkAncQc+wFzZALwPC+FgkZWyUk/4RuVXybiO8RgB9NMIXANl8PRK47b0 GxKJDT/Q84lksxhrFV0ib34+IPbF3mKAkxwx0FR9COEDBxBxKSQshY+imjtFo2NG YHgwXyGuR9zOcyR8ObTsYaXOPQj8Kd/XZCeWN97Ii6UHWrSG4PvhjQzJfeV/NmJc +kUfM7jzvg8PcGptOLPgbMlMt+XDwNwmPQC54RNyIv36OiYquMZSss3TweL2NV3Y z/1CqG0A4qx9/KqZcgEpIOTgeyUc7LHgO8WEWkS5QcozWxaWC9/RoJZQ8spG5Ztd leeDkzxkBSFoJJ3PBVRWGwzCMB7z6ePegw+/X4zdtBjQTb9TRMI0aj3MUyXOykrC NkEj+QgAdZ8B9sIhke4gCEnvbsx5+L8lyVVZsVQ7yIgklXyMXwXqRKANtVAWVEU+ 1367B1bGAxYfRWhE+HlAX6e6aKMyqRWi6/jb55MxOq3KTAljcIxSBZVBU+6Tpcd+ C5nG/4ox6oKlJMjOLt5/lWPiN2OVm0iJkyF154M9JjXKAz35gAk=5Pta -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2019-9514 // CERT/CC: VU#605641 // VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 155520 // PACKETSTORM: 155484 // PACKETSTORM: 157214 // PACKETSTORM: 155704 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154663 // PACKETSTORM: 154135

AFFECTED PRODUCTS

vendor:	redhat	model:	software collections	scope:	eq	version:	1.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	8.0.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	11.6.1	Trust: 1.0
vendor:	redhat	model:	quay	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.7.2.24	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	redhat	model:	openshift service mesh	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	14	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.10	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	4.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	redhat	model:	developer tools	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.3	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	10.16.3	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.7.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	4.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.9	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.16.1	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	12.8.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.1.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2.0	Trust: 1.0
vendor:	netapp	model:	trident	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	11.6.5.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	netapp	model:	cloud insights	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	13.1.3.2	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	15.0.1.1	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	6.2.3	Trust: 1.0
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1.0	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	12.1.5.1	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.1.2.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	lte	version:	1.4.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.13	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	lt	version:	14.0.1.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	7.1.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	akamai	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	amazon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apache traffic server	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cloudflare	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	envoy	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	facebook	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	go programming language	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	litespeed	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netty	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	node js	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	twisted	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	grpc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nghttp2	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9514
value:	HIGH
Trust: 1.0
cret@cert.org:	CVE-2019-9514
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201908-931
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160949
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-9514
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-9514
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-160949
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9514
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cret@cert.org:	CVE-2019-9514
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // CNNVD: CNNVD-201908-931 // NVD: CVE-2019-9514 // NVD: CVE-2019-9514

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-770	Trust: 1.1

sources: VULHUB: VHN-160949 // NVD: CVE-2019-9514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-931

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-931

PATCH

title:	HTTP/2 Remedial measures to achieve security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96615	Trust: 0.6
title:	Red Hat: Important: container-tools:1.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194273 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: go-toolset-1.11 and go-toolset-1.11-golang security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192682 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 3.11 HTTP/2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193906 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192661 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193245 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: go-toolset:rhel8 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192726 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193265 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: containernetworking-plugins security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200406 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.20 golang security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193131 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 3.9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192769 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: golang-1.13: CVE-2019-14809	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4f1284fb5317a7db524840483ee9db6f	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 3.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192690 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.18 gRPC security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192861 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: container-tools:rhel8 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194269 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2019-9514	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9514	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192766 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Quay v3.1.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192966 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194021 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192594 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194018 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7cb587dafb04d397dd392a7f09dec1d9	Trust: 0.1
title:	Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=84ba5eefbc1d57b08d1c61852a12e026	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1270	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1270	Trust: 0.1
title:	Debian Security Advisories: DSA-4503-1 golang-1.11 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=99481074beb7ec3119ad722cad3dd9cc	Trust: 0.1
title:	Debian Security Advisories: DSA-4508-1 h2o -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=728a827d177258876055a9107f821dfe	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194041 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-9514	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194042 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 6	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194040 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194019 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194020 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nodejs:10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192925 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: rh-nodejs8-nodejs security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192955 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4520-1 trafficserver -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=3b21ecf9ab12cf6e0b56a2ef2ccf56b8	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194352 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202565 - Security Advisory	Trust: 0.1
title:	Apple: SwiftNIO HTTP/2 1.5.0	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=39f63f0751cdcda5bff86ad147e8e1d5	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201908-15] go: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-15	Trust: 0.1
title:	Red Hat: Important: rh-nodejs10-nodejs security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192939 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: twisted vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4308-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201908-16] go-pie: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201908-16	Trust: 0.1
title:	Red Hat: Important: Red Hat Data Grid 7.3.3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200727 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4669-1 nodejs -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0919b27d8bf334fac6a8fbea7195b6b0	Trust: 0.1
title:	Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201445 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200922 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2019-1272	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1272	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.6.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cbf2ee0b22e92590472860fdb3718cab	Trust: 0.1
title:	Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203197 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.5.0 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193892 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203196 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b9c6b5fbfb51d956856e88dff5a7acd	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=89d19e42a01e098dd5f88e0433d2bb5d	Trust: 0.1
title:	IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5ad9418973cac91ba73c01ad16b1f5a4	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=247686da02fe524817c1939b0f6b6a5c	Trust: 0.1
title:	IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8f76cfb8f0c5ea84a0bc28705788f854	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1ce0280dd79176d32c26f34906d1d4de	Trust: 0.1
title:	IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b76ff63209def4a949aa18bdf6b518b8	Trust: 0.1
title:	Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202067 - Security Advisory	Trust: 0.1
title:	Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-225	Trust: 0.1
title:	metarget	url:	https://github.com/brant-ruan/metarget	Trust: 0.1
title:	Symantec Threat Intelligence Blog	url:	https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/http-bugs/147405/	Trust: 0.1

sources: VULMON: CVE-2019-9514 // CNNVD: CNNVD-201908-931

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9514	Trust: 2.8
db:	CERT/CC	id:	VU#605641	Trust: 2.6
db:	MCAFEE	id:	SB10296	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2019/08/20/1	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2023/10/18/8	Trust: 1.0
db:	CNNVD	id:	CNNVD-201908-931	Trust: 0.7
db:	PACKETSTORM	id:	158651	Trust: 0.7
db:	PACKETSTORM	id:	155728	Trust: 0.7
db:	PACKETSTORM	id:	155520	Trust: 0.7
db:	PACKETSTORM	id:	155484	Trust: 0.7
db:	PACKETSTORM	id:	157214	Trust: 0.7
db:	PACKETSTORM	id:	155705	Trust: 0.7
db:	PACKETSTORM	id:	154135	Trust: 0.7
db:	PACKETSTORM	id:	157741	Trust: 0.6
db:	PACKETSTORM	id:	156852	Trust: 0.6
db:	PACKETSTORM	id:	156209	Trust: 0.6
db:	PACKETSTORM	id:	156941	Trust: 0.6
db:	PACKETSTORM	id:	158095	Trust: 0.6
db:	PACKETSTORM	id:	156628	Trust: 0.6
db:	PACKETSTORM	id:	155352	Trust: 0.6
db:	PACKETSTORM	id:	155396	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4238	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4737	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4332	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4324	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1544	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1030	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4533	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0643	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3152	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0994	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3114	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0007	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4596	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4586	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0100	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4788	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2071	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4697	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4484	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1335	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1427	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4368	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4665	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.3	Trust: 0.6
db:	CS-HELP	id:	SB2022072128	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-346-01	Trust: 0.6
db:	NSFOCUS	id:	43921	Trust: 0.6
db:	PACKETSTORM	id:	158650	Trust: 0.1
db:	VULHUB	id:	VHN-160949	Trust: 0.1
db:	VULMON	id:	CVE-2019-9514	Trust: 0.1
db:	PACKETSTORM	id:	155479	Trust: 0.1
db:	PACKETSTORM	id:	155704	Trust: 0.1
db:	PACKETSTORM	id:	155517	Trust: 0.1
db:	PACKETSTORM	id:	154663	Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160949 // VULMON: CVE-2019-9514 // PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 155520 // PACKETSTORM: 155484 // PACKETSTORM: 157214 // PACKETSTORM: 155704 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154663 // PACKETSTORM: 154135 // CNNVD: CNNVD-201908-931 // NVD: CVE-2019-9514

REFERENCES

url:	https://www.debian.org/security/2019/dsa-4503	Trust: 3.0
url:	https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Trust: 2.6
url:	https://www.synology.com/security/advisory/synology_sa_19_33	Trust: 2.6
url:	https://access.redhat.com/errata/rhsa-2019:4273	Trust: 2.6
url:	https://access.redhat.com/errata/rhsa-2019:4019	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4020	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4040	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4045	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4269	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4352	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3892	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4018	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4021	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4041	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4042	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:2925	Trust: 1.9
url:	https://usn.ubuntu.com/4308-1/	Trust: 1.9
url:	https://seclists.org/bugtraq/2019/aug/24	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/aug/31	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/aug/43	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/sep/18	Trust: 1.8
url:	https://kb.cert.org/vuls/id/605641/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190823-0001/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190823-0004/	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190823-0005/	Trust: 1.8
url:	https://support.f5.com/csp/article/k01988340	Trust: 1.8
url:	https://www.debian.org/security/2019/dsa-4508	Trust: 1.8
url:	https://www.debian.org/security/2019/dsa-4520	Trust: 1.8
url:	https://www.debian.org/security/2020/dsa-4669	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/aug/16	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2019/08/20/1	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2594	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2661	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2682	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2690	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2726	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2766	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2769	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2796	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2861	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2939	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2955	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2966	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3131	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3245	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3265	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3906	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2020:0406	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 1.7
url:	https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2023/10/18/8	Trust: 1.0
url:	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 1.0
url:	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/	Trust: 1.0
url:	https://support.f5.com/csp/article/k01988340?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/	Trust: 1.0
url:	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e	Trust: 1.0
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.9
url:	https://access.redhat.com/security/team/contact/	Trust: 0.9
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.9
url:	https://bugzilla.redhat.com/):	Trust: 0.9
url:	https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7540	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7541	Trust: 0.8
url:	https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/	Trust: 0.8
url:	https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/	Trust: 0.8
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 0.8
url:	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e	Trust: 0.8
url:	https://support.f5.com/csp/article/k01988340?utm_source=f5support&utm_medium=rss	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	http2-cves/	Trust: 0.6
url:	https://www.cloudfoundry.org/blog/various-	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511	Trust: 0.6
url:	https://support.apple.com/en-au/ht210436	Trust: 0.6
url:	https://support.f5.com/csp/article/k50233772	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1126605	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1104951	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:3905	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-01	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109787	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109781	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1108515	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109775	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165894	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165906	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1135167	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164346	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164364	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1128387	Trust: 0.6
url:	https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4368/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4788/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4586/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0994/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4332/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0643/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4484/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/	Trust: 0.6
url:	http2-implementation-vulnerablility/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-	Trust: 0.6
url:	https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9514	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3114/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1335/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.3/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4737/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137466	Trust: 0.6
url:	https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040	Trust: 0.6
url:	https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43921	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1544/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2071/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127397	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1427/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4665/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/	Trust: 0.6
url:	https://pivotal.io/security/cve-2019-9517	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4697/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4596/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210436	Trust: 0.6
url:	https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1128279	Trust: 0.6
url:	https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072128	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3152/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4324/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4533/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1150960	Trust: 0.6
url:	https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0100/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0007/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4238/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165852	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1030/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127853	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1168528	Trust: 0.6
url:	https://issues.jboss.org/):	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14838	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14843	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14838	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.3
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14837	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14837	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 0.1
url:	https://support.f5.com/csp/article/k01988340?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/770.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.kb.cert.org/vuls/id/605641	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0201	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=securitypatches&version=6.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0201	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker&downloadtype=securitypatches&version=6.3.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10247	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.4.3	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7238	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1445	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10241	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10241	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16884	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14809	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/golang-1.11	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 155520 // PACKETSTORM: 155484 // PACKETSTORM: 157214 // PACKETSTORM: 155704 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154663

SOURCES

db:	CERT/CC	id:	VU#605641
db:	VULHUB	id:	VHN-160949
db:	VULMON	id:	CVE-2019-9514
db:	PACKETSTORM	id:	155728
db:	PACKETSTORM	id:	155479
db:	PACKETSTORM	id:	155520
db:	PACKETSTORM	id:	155484
db:	PACKETSTORM	id:	157214
db:	PACKETSTORM	id:	155704
db:	PACKETSTORM	id:	155705
db:	PACKETSTORM	id:	155517
db:	PACKETSTORM	id:	154663
db:	PACKETSTORM	id:	154135
db:	CNNVD	id:	CNNVD-201908-931
db:	NVD	id:	CVE-2019-9514

LAST UPDATE DATE

2025-04-28T22:49:54.988000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-11-19T00:00:00
db:	VULHUB	id:	VHN-160949	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2019-9514	date:	2020-12-09T00:00:00
db:	CNNVD	id:	CNNVD-201908-931	date:	2022-07-22T00:00:00
db:	NVD	id:	CVE-2019-9514	date:	2025-01-14T19:29:55.853

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-08-13T00:00:00
db:	VULHUB	id:	VHN-160949	date:	2019-08-13T00:00:00
db:	VULMON	id:	CVE-2019-9514	date:	2019-08-13T00:00:00
db:	PACKETSTORM	id:	155728	date:	2019-12-19T22:07:40
db:	PACKETSTORM	id:	155479	date:	2019-11-27T15:37:53
db:	PACKETSTORM	id:	155520	date:	2019-12-02T19:20:27
db:	PACKETSTORM	id:	155484	date:	2019-11-27T15:43:14
db:	PACKETSTORM	id:	157214	date:	2020-04-14T15:39:41
db:	PACKETSTORM	id:	155704	date:	2019-12-17T15:42:47
db:	PACKETSTORM	id:	155705	date:	2019-12-17T15:43:02
db:	PACKETSTORM	id:	155517	date:	2019-12-02T19:18:53
db:	PACKETSTORM	id:	154663	date:	2019-09-30T13:33:33
db:	PACKETSTORM	id:	154135	date:	2019-08-19T15:07:50
db:	CNNVD	id:	CNNVD-201908-931	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-9514	date:	2019-08-13T21:15:12.443