var-201908-0421
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. A resource management error vulnerability exists in HTTP/2. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1).
Bug Fix(es):
- Fixed repository mirror credentials properly escaped to allow special characters
- Fixed repository mirror UI cancel button enabled
-
Fixed repository mirror UI change next sync date
-
Solution:
Please download the release images via:
quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1
- Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:
An update for rh-nginx112-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
-
HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx112-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm
s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm
x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.16.1"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.17.2"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "180394"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 0.8
},
"cve": "CVE-2019-9511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9511",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160946",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9511",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9511",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160946",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. A resource management error vulnerability exists in HTTP/2. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nlibnghttp2 is a library implementing the Hypertext Transfer Protocol\nversion 2 (HTTP/2) protocol in C. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). \n\nBug Fix(es):\n\n* Fixed repository mirror credentials properly escaped to allow special\ncharacters\n* Fixed repository mirror UI cancel button enabled\n* Fixed repository mirror UI change next sync date\n\n3. Solution:\n\nPlease download the release images via:\n\nquay.io/redhat/quay:v3.1.1\nquay.io/redhat/clair-jwt:v3.1.1\nquay.io/redhat/quay-builder:v3.1.1\n\n4. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx112-nginx security update\nAdvisory ID: RHSA-2019:2746-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2746\nIssue date: 2019-09-12\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9\nPPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS\nieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d\nkbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco\nrGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2\nPO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv\noEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS\n7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/\nissNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO\n7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt\nfXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL\npTuQ2UprbLU=PAtT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9511"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "180394"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9511",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 1.9
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "154725",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154401",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154471",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154117",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154848",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201908-924",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160946",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "180394",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155417",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "180394"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"id": "VAR-201908-0421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:35:38.045000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 1.9,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2692"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2746"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2966"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/aug/40"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/1"
},
{
"trust": 1.1,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4505"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4511"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4669"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2745"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2775"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2799"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:3041"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4018"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4019"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4020"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4021"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4099-1/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6754-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
},
{
"trust": 0.1,
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703469"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752980"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/jbeap-24826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:5856"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798524"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725807"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json"
},
{
"trust": 0.1,
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "180394"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160946"
},
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "180394"
},
{
"db": "PACKETSTORM",
"id": "154401"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "154725"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "154471"
},
{
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160946"
},
{
"date": "2024-04-26T15:13:40",
"db": "PACKETSTORM",
"id": "178284"
},
{
"date": "2024-08-27T14:58:09",
"db": "PACKETSTORM",
"id": "180394"
},
{
"date": "2019-09-09T23:04:07",
"db": "PACKETSTORM",
"id": "154401"
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414"
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712"
},
{
"date": "2019-11-20T21:11:11",
"db": "PACKETSTORM",
"id": "155417"
},
{
"date": "2019-10-03T20:31:49",
"db": "PACKETSTORM",
"id": "154725"
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416"
},
{
"date": "2019-09-12T14:32:51",
"db": "PACKETSTORM",
"id": "154471"
},
{
"date": "2019-08-13T21:15:12.223000",
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160946"
},
{
"date": "2024-11-21T04:51:45.930000",
"db": "NVD",
"id": "CVE-2019-9511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178284"
},
{
"db": "PACKETSTORM",
"id": "180394"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution, sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "180394"
}
],
"trust": 0.1
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.