CVE-2019-9513

HIGH

Description

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

ID	Name	Product	Family	Severity
132767	SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	medium
131216	RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)	Nessus	Red Hat Local Security Checks	medium
131215	RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)	Nessus	Red Hat Local Security Checks	medium
129957	RHEL 8 : openshift (RHSA-2019:3041) (Data Dribble) (Resource Loop)	Nessus	Red Hat Local Security Checks	high
129790	Amazon Linux 2 : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)	Nessus	Amazon Linux Local Security Checks	high
129675	SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2559-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	high
129667	openSUSE Security Update : nginx (openSUSE-2019-2264) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	high
129569	Amazon Linux AMI : nginx (ALAS-2019-1299) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Amazon Linux Local Security Checks	high
129568	Amazon Linux AMI : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)	Nessus	Amazon Linux Local Security Checks	high
129524	openSUSE Security Update : nghttp2 (openSUSE-2019-2234) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	high
129522	openSUSE Security Update : nghttp2 (openSUSE-2019-2232) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	high
129514	Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Oracle Linux Local Security Checks	high
129480	RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Red Hat Local Security Checks	high
129443	EulerOS 2.0 SP8 : nginx (EulerOS-SA-2019-2084)	Nessus	Huawei Local Security Checks	high
129401	SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2019:2473-1) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	high
129089	RHEL 8 : nginx:1.14 (RHSA-2019:2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Red Hat Local Security Checks	high
129087	Oracle Linux 8 : nginx:1.14 (ELSA-2019-2799) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Oracle Linux Local Security Checks	high
128671	openSUSE Security Update : nginx (openSUSE-2019-2120) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	medium
128669	openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128668	openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128655	Oracle Linux 8 : nghttp2 (ELSA-2019-2692) (Data Dribble) (Resource Loop)	Nessus	Oracle Linux Local Security Checks	high
128627	RHEL 8 : nghttp2 (RHSA-2019:2692) (Data Dribble) (Resource Loop)	Nessus	Red Hat Local Security Checks	high
128544	SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	SuSE Local Security Checks	medium
128482	Fedora 29 : 1:nginx (2019-7a0b45fdc4) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Fedora Local Security Checks	high
128468	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128467	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128429	Debian DSA-4511-1 : nghttp2 - security update (Data Dribble) (Resource Loop)	Nessus	Debian Local Security Checks	high
128411	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128297	Fedora 29 : nghttp2 (2019-8a437d5c2f) (Data Dribble) (Resource Loop)	Nessus	Fedora Local Security Checks	high
128133	Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128131	Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128085	Fedora 30 : nghttp2 (2019-81985a8858) (Data Dribble) (Resource Loop)	Nessus	Fedora Local Security Checks	high
128083	Debian DSA-4505-1 : nginx - security update (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Debian Local Security Checks	high
128067	Fedora 30 : 1:nginx (2019-befd924cfe) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Fedora Local Security Checks	high
128043	FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
128024	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : nginx vulnerabilities (USN-4099-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	Ubuntu Local Security Checks	high
127950	FreeBSD : NGINX -- Multiple vulnerabilities (87679fcb-be60-11e9-9051-4c72b94353b5) (0-Length Headers Leak) (Data Dribble) (Resource Loop)	Nessus	FreeBSD Local Security Checks	high
127945	FreeBSD : nghttp2 -- multiple vulnerabilities (121fec01-c042-11e9-a73f-b36f5969f162) (Data Dribble) (Resource Loop)	Nessus	FreeBSD Local Security Checks	high
98668	nginx 1.9.5 < 1.16.1 Multiple Vulnerabilties	Web Application Scanning	Component Vulnerability	high
98667	nginx 1.17.x < 1.17.3 Multiple Vulnerabilties	Web Application Scanning	Component Vulnerability	high
127907	nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilties	Nessus	Web Servers	high
701146	nginx < 1.16.1 (stable) / 1.17.3 (mainline) Multiple DoS	Nessus Network Monitor	Web Servers	high
127850	KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127849	KB4512516: Windows 10 Version 1709 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127848	KB4512508: Windows 10 Version 1903 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127847	KB4512507: Windows 10 Version 1703 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127845	KB4512501: Windows 10 Version 1803 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127844	KB4512497: Windows 10 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127841	KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical

CVE-2019-9513

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0