CVE-2019-9514

CVSS v3.1 7.5 (High)
CVSS v2.0 7.8 (High)
EPSS 79.23 % (98th)
Affected Products 31
Advisories 53

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Weaknesses
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CVE Status: PUBLISHED
CNA: CERT/CC
Published Date: 2019-08-13 21:15:12 (5 years ago)
Updated Date: 2023-11-07 03:13:42 (10 months ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Apple Swiftnio from 1.0.0 version and 1.4.0 and prior versions cpe:2.3:a:apple:swiftnio >= 1.0.0 <= 1.4.0
OR  
  Running on/with
  Apple Mac Os X from 10.12 version cpe:2.3:o:apple:mac_os_x >= 10.12
OR  
  Running on/with
  Canonical Ubuntu Linux from 14.04 version cpe:2.3:o:canonical:ubuntu_linux >= 14.04

Configuration #2

    CPE23 From Up To
  Apache Traffic Server from 6.0.0 version and 6.2.3 and prior versions cpe:2.3:a:apache:traffic_server >= 6.0.0 <= 6.2.3
  Apache Traffic Server from 7.0.0 version and 7.1.6 and prior versions cpe:2.3:a:apache:traffic_server >= 7.0.0 <= 7.1.6
  Apache Traffic Server from 8.0.0 version and 8.0.3 and prior versions cpe:2.3:a:apache:traffic_server >= 8.0.0 <= 8.0.3

Configuration #3

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #5

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #6

    CPE23 From Up To
  Synology Diskstation Manager 6.2 cpe:2.3:a:synology:diskstation_manager:6.2
  Synology Skynas cpe:2.3:a:synology:skynas:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Synology Vs960hd Firmware cpe:2.3:o:synology:vs960hd_firmware:-
OR  
  Running on/with
  Synology Vs960hd cpe:2.3:h:synology:vs960hd:-

Configuration #8

    CPE23 From Up To
  Fedoraproject Fedora 29 cpe:2.3:o:fedoraproject:fedora:29
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30

Configuration #9

    CPE23 From Up To
  Opensuse Leap 15.0 cpe:2.3:o:opensuse:leap:15.0
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #10

    CPE23 From Up To
  Redhat Developer Tools 1.0 cpe:2.3:a:redhat:developer_tools:1.0
  Redhat Jboss Core Services 1.0 cpe:2.3:a:redhat:jboss_core_services:1.0
  Redhat Jboss Enterprise Application Platform 7.2.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0
  Redhat Jboss Enterprise Application Platform 7.3.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0
  Redhat Openshift Container Platform 3.9 cpe:2.3:a:redhat:openshift_container_platform:3.9
  Redhat Openshift Container Platform 3.10 cpe:2.3:a:redhat:openshift_container_platform:3.10
  Redhat Openshift Container Platform 3.11 cpe:2.3:a:redhat:openshift_container_platform:3.11
  Redhat Openshift Container Platform 4.1 cpe:2.3:a:redhat:openshift_container_platform:4.1
  Redhat Openshift Container Platform 4.2 cpe:2.3:a:redhat:openshift_container_platform:4.2
  Redhat Openshift Service Mesh 1.0 cpe:2.3:a:redhat:openshift_service_mesh:1.0
  Redhat Openstack 14 cpe:2.3:a:redhat:openstack:14
  Redhat Quay 3.0.0 cpe:2.3:a:redhat:quay:3.0.0
  Redhat Single Sign-on 7.3 cpe:2.3:a:redhat:single_sign-on:7.3
  Redhat Software Collections 1.0 cpe:2.3:a:redhat:software_collections:1.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_eus:8.1
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #11

    CPE23 From Up To
  Oracle Graalvm 19.2.0 cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise

Configuration #12

    CPE23 From Up To
  Mcafee Web Gateway from 7.7.2.0 version and prior 7.7.2.24 version cpe:2.3:a:mcafee:web_gateway >= 7.7.2.0 < 7.7.2.24
  Mcafee Web Gateway from 7.8.2.0 version and prior 7.8.2.13 version cpe:2.3:a:mcafee:web_gateway >= 7.8.2.0 < 7.8.2.13
  Mcafee Web Gateway from 8.1.0 version and prior 8.2.0 version cpe:2.3:a:mcafee:web_gateway >= 8.1.0 < 8.2.0

Configuration #13

    CPE23 From Up To
  Netapp Cloud Insights cpe:2.3:a:netapp:cloud_insights:-
  Netapp Trident cpe:2.3:a:netapp:trident:-

Configuration #14

    CPE23 From Up To
  F5 Big-ip Local Traffic Manager from 11.6.1 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 11.6.1 < 11.6.5.1
  F5 Big-ip Local Traffic Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Local Traffic Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Local Traffic Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Local Traffic Manager from 14.1.0 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 14.1.0 < 14.1.2.1
  F5 Big-ip Local Traffic Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 15.0.0 < 15.0.1.1

Configuration #15

    CPE23 From Up To
  Nodejs Node.js from 8.0.0 version and 8.8.1 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 8.0.0 <= 8.8.1
  Nodejs Node.js from 8.9.0 version and prior 8.16.1 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 8.9.0 < 8.16.1
  Nodejs Node.js from 10.0.0 version and 10.12.0 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 10.0.0 <= 10.12.0
  Nodejs Node.js from 10.13.0 version and prior 10.16.3 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 10.13.0 < 10.16.3
  Nodejs Node.js from 12.0.0 version and prior 12.8.1 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 12.0.0 < 12.8.1