Details of VAR-201908-0421

ID

VAR-201908-0421

CVE

CVE-2019-9511

TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nodejs8-nodejs security update Advisory ID: RHSA-2019:2955-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2955 Issue date: 2019-10-02 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ==================================================================== 1. Summary: An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZSz+NzjgjWX9erEAQhrnQ//YWmbjNrYsOnrqBPWZDBil0Basr6JUpEe YoTqouv9A7gkpSoYLoCRE0E3tsTxHlQwJR91vlr/dPEtHbsF52YEGrumAQCK4H6b nEhOj2pH9UG+FcPUBkyHzNQXcWYLZ9vaxVCW4gUpxm0QggyigAOdIImlZkTGgcrI mWReipMFC8hBARJU/vQ0bCCj6LfOYnx4h2pu6Jzy+vkeVJDoCNAxGT5FwfaMZTUy T0y8dpzWSq/vg2Xd3JaYnoh70a8k62kEMH3VmCBNNU3aiMiXBeBMlS1i/q00IOJ+ fy/1STMJGt1tj6xfYNsZY5E+CPVm0ZvVlKfRi8DpxPWXI48a712XZ/XONYb2jDnt pmkNM62ZdjZahQwXyC+y8havivg7LcEzxV0G2yfkNIqM33Zplz0h4BOCmLuT4I84 BMylBIrODsw70uWbc1DcPsF8vhmxryGfNNQ9FCk+jH52lRi3YnWkhRBThY+rpAqZ qmfTb4m2kD0s45q85Xv87N9F2tZJjhfYQ0U2LyHkbQov0CFkNu4YcElKMclBvvvc lzostLzxOJYt/l3qgXp+RlQNnlQG/jsFrEmmhskjzFJ8a9fhtBWNFxMcQ+SDBrUK HSNNzBwQhHam6OPCqpyWYvFT/bRbHucyMI6pGZmpc+MQ5cMAjP1A0incXot30UDD wV7rh6lCkE8=S8e1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. You must restart the JBoss server process for the update to take effect. The References section of this erratum contains a download link (you must log in to download the update) 4. Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3

Trust: 2.43

sources: NVD: CVE-2019-9511 // CERT/CC: VU#605641 // VULHUB: VHN-160946 // PACKETSTORM: 180394 // PACKETSTORM: 155479 // PACKETSTORM: 154712 // PACKETSTORM: 154533 // PACKETSTORM: 155483 // PACKETSTORM: 158095 // PACKETSTORM: 155416 // PACKETSTORM: 154663

AFFECTED PRODUCTS

vendor:	redhat	model:	software collections	scope:	eq	version:	1.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	8.0.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	redhat	model:	quay	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.7.2.24	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	redhat	model:	openshift service mesh	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lte	version:	1.17.2	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	1.17.0	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.16.1	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	10.16.3	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.7.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.16.1	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	8.1.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	8.2.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	1.9.5	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	gte	version:	7.8.2.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	6.2.3	Trust: 1.0
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1.0	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	lte	version:	1.4.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	lt	version:	7.8.2.13	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	12.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	7.1.6	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	akamai	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	amazon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apache traffic server	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cloudflare	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	envoy	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	facebook	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	go programming language	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	litespeed	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netty	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	node js	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	twisted	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	grpc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nghttp2	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9511
value:	HIGH
Trust: 1.0
cret@cert.org:	CVE-2019-9511
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201908-924
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160946
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-9511
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160946
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9511
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cret@cert.org:	CVE-2019-9511
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-160946 // CNNVD: CNNVD-201908-924 // NVD: CVE-2019-9511 // NVD: CVE-2019-9511

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	CWE-770	Trust: 1.1

sources: VULHUB: VHN-160946 // NVD: CVE-2019-9511

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 180394 // CNNVD: CNNVD-201908-924

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-924

PATCH

title:

HTTP/2 Remedial measures to achieve security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96609

Trust: 0.6

sources: CNNVD: CNNVD-201908-924

EXTERNAL IDS

db:	CERT/CC	id:	VU#605641	Trust: 2.5
db:	NVD	id:	CVE-2019-9511	Trust: 2.5
db:	MCAFEE	id:	SB10296	Trust: 1.7
db:	PACKETSTORM	id:	158636	Trust: 0.7
db:	PACKETSTORM	id:	154117	Trust: 0.7
db:	CNNVD	id:	CNNVD-201908-924	Trust: 0.7
db:	PACKETSTORM	id:	158095	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3116	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2071	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4788	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1544	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3129	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2588	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4343	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4403	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1335	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4484	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0100	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1030	Trust: 0.6
db:	PACKETSTORM	id:	155484	Trust: 0.6
db:	PACKETSTORM	id:	155414	Trust: 0.6
db:	PACKETSTORM	id:	157214	Trust: 0.6
db:	PACKETSTORM	id:	156852	Trust: 0.6
db:	PACKETSTORM	id:	157741	Trust: 0.6
db:	NSFOCUS	id:	43918	Trust: 0.6
db:	PACKETSTORM	id:	154712	Trust: 0.2
db:	PACKETSTORM	id:	154663	Trust: 0.2
db:	PACKETSTORM	id:	154533	Trust: 0.2
db:	PACKETSTORM	id:	154725	Trust: 0.1
db:	PACKETSTORM	id:	154284	Trust: 0.1
db:	PACKETSTORM	id:	154693	Trust: 0.1
db:	PACKETSTORM	id:	154401	Trust: 0.1
db:	PACKETSTORM	id:	154510	Trust: 0.1
db:	PACKETSTORM	id:	154471	Trust: 0.1
db:	PACKETSTORM	id:	154699	Trust: 0.1
db:	PACKETSTORM	id:	154190	Trust: 0.1
db:	PACKETSTORM	id:	154470	Trust: 0.1
db:	PACKETSTORM	id:	154848	Trust: 0.1
db:	VULHUB	id:	VHN-160946	Trust: 0.1
db:	PACKETSTORM	id:	180394	Trust: 0.1
db:	PACKETSTORM	id:	155479	Trust: 0.1
db:	PACKETSTORM	id:	155483	Trust: 0.1
db:	PACKETSTORM	id:	155416	Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160946 // PACKETSTORM: 180394 // PACKETSTORM: 155479 // PACKETSTORM: 154712 // PACKETSTORM: 154533 // PACKETSTORM: 155483 // PACKETSTORM: 158095 // PACKETSTORM: 155416 // PACKETSTORM: 154663 // CNNVD: CNNVD-201908-924 // NVD: CVE-2019-9511

REFERENCES

url:	https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Trust: 2.5
url:	https://www.synology.com/security/advisory/synology_sa_19_33	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:3933	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4018	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4020	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3932	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3935	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4019	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4021	Trust: 2.3
url:	https://usn.ubuntu.com/4099-1/	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:2799	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2925	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2955	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/aug/40	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/sep/1	Trust: 1.7
url:	https://kb.cert.org/vuls/id/605641/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0002/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0005/	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4505	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4511	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4669	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2692	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2745	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2746	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2775	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2939	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2949	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2966	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:3041	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html	Trust: 1.7
url:	https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 1.4
url:	https://support.f5.com/csp/article/k02591030	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/	Trust: 1.0
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/	Trust: 1.0
url:	https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7540	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7541	Trust: 0.8
url:	https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/	Trust: 0.8
url:	https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/	Trust: 0.8
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	http2-cves/	Trust: 0.6
url:	https://www.cloudfoundry.org/blog/various-	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511	Trust: 0.6
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://support.f5.com/csp/article/k50233772	Trust: 0.6
url:	http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1544/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2071/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4403/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4788/	Trust: 0.6
url:	https://pivotal.io/security/cve-2019-9517	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4484/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2588/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1143454	Trust: 0.6
url:	https://packetstormsecurity.com/files/154117/ubuntu-security-notice-usn-4099-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3116/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9511	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1335/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.3/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1150960	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137466	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4343/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0100/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43918	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1167160	Trust: 0.6
url:	https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040	Trust: 0.6
url:	https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3129/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1030/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14838	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14838	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14843	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14843	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 0.1
url:	https://support.f5.com/csp/article/k02591030?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1703469	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1752980	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1807305	Trust: 0.1
url:	https://issues.redhat.com/browse/jbeap-24826	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2024:5856	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1752770	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1735745	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1735744	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1737517	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1798524	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=2041949	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=2031667	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1725807	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1758619	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1793970	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=2041959	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1798509	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=2041967	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1772464	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1775293	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1767483	Trust: 0.1
url:	https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json	Trust: 0.1
url:	https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1741860	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1735645	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11620	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2565	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19343	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19343	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17199	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0737	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-17199	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0737	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0217	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0217	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-17189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0734	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 180394 // PACKETSTORM: 155479 // PACKETSTORM: 154712 // PACKETSTORM: 154533 // PACKETSTORM: 155483 // PACKETSTORM: 158095 // PACKETSTORM: 155416 // PACKETSTORM: 154663

SOURCES

db:	CERT/CC	id:	VU#605641
db:	VULHUB	id:	VHN-160946
db:	PACKETSTORM	id:	180394
db:	PACKETSTORM	id:	155479
db:	PACKETSTORM	id:	154712
db:	PACKETSTORM	id:	154533
db:	PACKETSTORM	id:	155483
db:	PACKETSTORM	id:	158095
db:	PACKETSTORM	id:	155416
db:	PACKETSTORM	id:	154663
db:	CNNVD	id:	CNNVD-201908-924
db:	NVD	id:	CVE-2019-9511

LAST UPDATE DATE

2025-04-28T21:21:16.116000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-11-19T00:00:00
db:	VULHUB	id:	VHN-160946	date:	2020-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201908-924	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2019-9511	date:	2025-01-14T19:29:55.853

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-08-13T00:00:00
db:	VULHUB	id:	VHN-160946	date:	2019-08-13T00:00:00
db:	PACKETSTORM	id:	180394	date:	2024-08-27T14:58:09
db:	PACKETSTORM	id:	155479	date:	2019-11-27T15:37:53
db:	PACKETSTORM	id:	154712	date:	2019-10-02T15:03:59
db:	PACKETSTORM	id:	154533	date:	2019-09-19T16:28:51
db:	PACKETSTORM	id:	155483	date:	2019-11-27T15:43:06
db:	PACKETSTORM	id:	158095	date:	2020-06-16T00:54:44
db:	PACKETSTORM	id:	155416	date:	2019-11-20T20:55:55
db:	PACKETSTORM	id:	154663	date:	2019-09-30T13:33:33
db:	CNNVD	id:	CNNVD-201908-924	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-9511	date:	2019-08-13T21:15:12.223