Unknown
CVE-2019-9515
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2019-9515
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- apache,
- apple,
- canonical,
- debian,
- f5,
- fedoraproject,
- mcafee,
- nodejs,
- opensuse,
- oracle,
- redhat,
- synology
Products
- big-ip local traffic manager,
- debian linux 10.0,
- debian linux 9.0,
- diskstation manager 6.2,
- enterprise linux 8.0,
- fedora 29,
- fedora 30,
- graalvm 19.2.0,
- jboss core services 1.0,
- jboss enterprise application platform 7.2.0,
- jboss enterprise application platform 7.3.0,
- leap 15.0,
- leap 15.1,
- node.js,
- openshift container platform 4.1,
- openshift service mesh 1.0,
- openstack 14,
- quay 3.0.0,
- single sign-on 7.3,
- skynas -,
- software collections 1.0,
- swiftnio,
- traffic server,
- ubuntu linux 16.04,
- ubuntu linux 18.04,
- ubuntu linux 19.04,
- vs960hd firmware -,
- web gateway
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: