CVE-2019-9512

HIGH

Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

ID	Name	Product	Family	Severity
143594	Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)	Nessus	Debian Local Security Checks	high
138340	Arista Networks CloudVision Portal Multiple Vulnerabilities (SA0043)	Nessus	Misc.	high
135883	FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
135030	Kubernetes 1.13.x < 1.13.10 / 1.14.x < 1.14.6 / 1.15.x < 1.15.3 DoS	Nessus	Misc.	high
134758	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Twisted vulnerabilities (USN-4308-1) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Ubuntu Local Security Checks	high
134419	Arista Networks EOS Multiple Vulnerabilities (SA0043)	Nessus	Misc.	high
133487	RHEL 7 : containernetworking-plugins (RHSA-2020:0406)	Nessus	Red Hat Local Security Checks	high
132767	SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	medium
132668	Oracle Linux 8 : container-tools:1.0 (ELSA-2019-4273) (Ping Flood) (Reset Flood)	Nessus	Oracle Linux Local Security Checks	high
132667	Oracle Linux 8 : container-tools:ol8 (ELSA-2019-4269) (Ping Flood) (Reset Flood)	Nessus	Oracle Linux Local Security Checks	medium
132314	Red Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities	Nessus	CGI abuses	medium
132235	RHEL 8 : container-tools:1.0 (RHSA-2019:4273) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
132234	RHEL 8 : container-tools:rhel8 (RHSA-2019:4269) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	medium
131529	RHEL 8 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4042) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131528	RHEL 7 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4041) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131527	RHEL 6 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4040) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131524	RHEL 8 : JBoss EAP (RHSA-2019:4020) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131523	RHEL 7 : JBoss EAP (RHSA-2019:4019) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131522	RHEL 6 : JBoss EAP (RHSA-2019:4018) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Red Hat Local Security Checks	medium
131154	RHEL 7 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
130418	RHEL 7 : OpenShift Container Platform 4.1 (RHSA-2019:3265) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
130385	RHEL 7 : OpenShift Container Platform 4.2 (RHSA-2019:3245) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
130185	RHEL 7 : OpenShift Container Platform 3.9 (RHSA-2019:2769) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	medium
129995	RHEL 7 / 8 : OpenShift Container Platform 4.1.20 golang (RHSA-2019:3131) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
129514	Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Oracle Linux Local Security Checks	high
129480	RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Red Hat Local Security Checks	high
129437	EulerOS 2.0 SP8 : golang (EulerOS-SA-2019-2078)	Nessus	Huawei Local Security Checks	high
129318	F5 Networks BIG-IP : HTTP/2 Ping Flood vulnerability (K98053339) (Ping Flood)	Nessus	F5 Networks Local Security Checks	high
129265	RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2019:2817) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	medium
129124	EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-1967)	Nessus	Huawei Local Security Checks	high
129036	Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-2726) (Ping Flood) (Reset Flood)	Nessus	Oracle Linux Local Security Checks	high
128863	openSUSE Security Update : go1.12 (openSUSE-2019-2130) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128849	RHEL 7 : OpenShift Container Platform 3.10 (RHSA-2019:2690) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	medium
128669	openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128668	openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128666	RHEL 8 : go-toolset:rhel8 (RHSA-2019:2726) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128659	RHEL 7 : go-toolset-1.11 and go-toolset-1.11-golang (RHSA-2019:2682) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128657	RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128621	Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Debian Local Security Checks	high
128605	openSUSE Security Update : go1.12 (openSUSE-2019-2085) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128571	Fedora 29 : golang (2019-65db7ad6c7) (Ping Flood) (Reset Flood)	Nessus	Fedora Local Security Checks	high
128567	Fedora 30 : golang (2019-55d101a740) (Ping Flood) (Reset Flood)	Nessus	Fedora Local Security Checks	high
128541	openSUSE Security Update : go1.11 (openSUSE-2019-2072) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128468	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128467	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128462	openSUSE Security Update : go1.12 (openSUSE-2019-2056) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128411	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128293	Amazon Linux AMI : golang (ALAS-2019-1270) (Ping Flood) (Reset Flood)	Nessus	Amazon Linux Local Security Checks	high
128286	Amazon Linux 2 : golang (ALAS-2019-1272) (Ping Flood) (Reset Flood)	Nessus	Amazon Linux Local Security Checks	high
128181	Debian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Debian Local Security Checks	high
128147	SUSE SLED15 / SLES15 Security Update : go1.12 (SUSE-SU-2019:2214-1) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128146	SUSE SLED15 / SLES15 Security Update : go1.11 (SUSE-SU-2019:2213-1) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128142	openSUSE Security Update : go1.12 (openSUSE-2019-2000) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128136	FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (73b1e734-c74e-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
128135	FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (72a5579e-c765-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
128133	Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128131	Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128043	FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
127947	FreeBSD : traefik -- Denial of service in HTTP/2 (41f4baac-bf77-11e9-8d2f-5404a68ad561) (Ping Flood) (Reset Flood)	Nessus	FreeBSD Local Security Checks	high
127930	Debian DSA-4503-1 : golang-1.11 - security update (Ping Flood) (Reset Flood)	Nessus	Debian Local Security Checks	high
127850	KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127849	KB4512516: Windows 10 Version 1709 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127848	KB4512508: Windows 10 Version 1903 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127847	KB4512507: Windows 10 Version 1703 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127845	KB4512501: Windows 10 Version 1803 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127844	KB4512497: Windows 10 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127841	KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical

CVE-2019-9512

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0