CVE-2019-9516

CVSS v3.1 6.5 (Medium)
CVSS v2.0 6.8 (Medium)
EPSS 0.70% (81st)
Affected Products 22
Advisories 38

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Weaknesses
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling

CVE Status: PUBLISHED
CNA: CERT/CC
Published Date: 2019-08-13 21:15:12 (5 years ago)
Updated Date: 2023-11-07 03:13:42 (10 months ago)

Affected Products

Configuration #1

AND
    CPE23 From Up To
OR  
  Apple Swiftnio from 1.0.0 version and 1.4.0 and prior versions cpe:2.3:a:apple:swiftnio >= 1.0.0 <= 1.4.0
OR  
  Running on/with
  Apple Mac Os X from 10.12 version cpe:2.3:o:apple:mac_os_x >= 10.12
OR  
  Running on/with
  Canonical Ubuntu Linux from 14.04 version cpe:2.3:o:canonical:ubuntu_linux >= 14.04

Configuration #2

    CPE23 From Up To
  Apache Traffic Server from 6.0.0 version and 6.2.3 and prior versions cpe:2.3:a:apache:traffic_server >= 6.0.0 <= 6.2.3
  Apache Traffic Server from 7.0.0 version and 7.1.6 and prior versions cpe:2.3:a:apache:traffic_server >= 7.0.0 <= 7.1.6
  Apache Traffic Server from 8.0.0 version and 8.0.3 and prior versions cpe:2.3:a:apache:traffic_server >= 8.0.0 <= 8.0.3

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #4

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30

Configuration #5

    CPE23 From Up To
  Synology Diskstation Manager 6.2 cpe:2.3:a:synology:diskstation_manager:6.2
  Synology Skynas cpe:2.3:a:synology:skynas:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Synology Vs960hd Firmware cpe:2.3:o:synology:vs960hd_firmware:-
OR  
  Running on/with
  Synology Vs960hd cpe:2.3:h:synology:vs960hd:-

Configuration #7

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #8

    CPE23 From Up To
  Fedoraproject Fedora 29 cpe:2.3:o:fedoraproject:fedora:29
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 32 cpe:2.3:o:fedoraproject:fedora:32

Configuration #9

    CPE23 From Up To
  Opensuse Leap 15.0 cpe:2.3:o:opensuse:leap:15.0
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #10

    CPE23 From Up To
  Redhat Jboss Core Services 1.0 cpe:2.3:a:redhat:jboss_core_services:1.0
  Redhat Jboss Enterprise Application Platform 7.2.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0
  Redhat Jboss Enterprise Application Platform 7.3.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0
  Redhat Openshift Service Mesh 1.0 cpe:2.3:a:redhat:openshift_service_mesh:1.0
  Redhat Quay 3.0.0 cpe:2.3:a:redhat:quay:3.0.0
  Redhat Software Collections 1.0 cpe:2.3:a:redhat:software_collections:1.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #11

    CPE23 From Up To
  Oracle Graalvm 19.2.0 cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise

Configuration #12

    CPE23 From Up To
  Mcafee Web Gateway from 7.7.2.0 version and prior 7.7.2.24 version cpe:2.3:a:mcafee:web_gateway >= 7.7.2.0 < 7.7.2.24
  Mcafee Web Gateway from 7.8.2.0 version and prior 7.8.2.13 version cpe:2.3:a:mcafee:web_gateway >= 7.8.2.0 < 7.8.2.13
  Mcafee Web Gateway from 8.1.0 version and prior 8.2.0 version cpe:2.3:a:mcafee:web_gateway >= 8.1.0 < 8.2.0

Configuration #13

    CPE23 From Up To
  F5 Nginx from 1.9.5 version and prior 1.16.1 version cpe:2.3:a:f5:nginx >= 1.9.5 < 1.16.1
  F5 Nginx from 1.17.0 version and 1.17.2 and prior versions cpe:2.3:a:f5:nginx >= 1.17.0 <= 1.17.2

Configuration #14

    CPE23 From Up To
  Nodejs Node.js from 8.0.0 version and prior 8.16.1 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 8.0.0 < 8.16.1
  Nodejs Node.js from 10.0.0 version and prior 10.16.3 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 10.0.0 < 10.16.3
  Nodejs Node.js from 12.0.0 version and prior 12.8.1 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 12.0.0 < 12.8.1