    41 vulnerabilities by grpc

    CVE-2026-33186 (GCVE-0-2026-33186)

    Vulnerability from nvd – Published: 2026-03-20 22:23 – Updated: 2026-07-02 12:04
    Title
    gRPC-Go has an authorization bypass via missing leading slash in :path
    Summary
    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present.

    This affects gRPC-Go servers that meet both of the following conditions:
    • They use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`.
    • They have a security policy that contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule).

    The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server.

    The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.

    While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.
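The mismatch described in the summary, as an added example that is not code from gRPC-Go, `grpc/authz`, or the advisory. It uses only the standard library; the `Rule`/`Policy` types, the rule names, and the service names are constructed for illustration, and the explicit allow list is one assumed reading of "policy hardening", which the page does not spell out.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Rule is a simplified path rule constructed for this example; it is not the
// grpc/authz policy format. A path ending in "*" is treated as a prefix match.
type Rule struct {
	Name  string
	Paths []string
}

// Policy evaluates deny rules first, then allow rules; no match means deny.
type Policy struct {
	Deny  []Rule
	Allow []Rule
}

func (r Rule) matches(method string) bool {
	for _, p := range r.Paths {
		if strings.HasSuffix(p, "*") {
			if strings.HasPrefix(method, strings.TrimSuffix(p, "*")) {
				return true
			}
		} else if p == method {
			return true
		}
	}
	return false
}

// Authorize compares the raw method string against the rules. This is the
// behaviour the summary describes: the string is not canonicalized first.
func (p Policy) Authorize(method string) (allowed bool, rule string) {
	for _, r := range p.Deny {
		if r.matches(method) {
			return false, r.Name
		}
	}
	for _, r := range p.Allow {
		if r.matches(method) {
			return true, r.Name
		}
	}
	return false, "default-deny"
}

// ErrNonCanonical marks a method name without the mandatory leading slash.
var ErrNonCanonical = errors.New("method name must start with '/'")

// ValidateMethod is the check a validating interceptor would run on
// info.FullMethod before any policy is consulted. The fixed server rejects
// such requests with codes.Unimplemented; here a plain error stands in.
func ValidateMethod(method string) error {
	if !strings.HasPrefix(method, "/") {
		return fmt.Errorf("%w: %q", ErrNonCanonical, method)
	}
	return nil
}

// Guarded places the validation in front of the policy evaluation.
func Guarded(p Policy, method string) (allowed bool, rule string) {
	if err := ValidateMethod(method); err != nil {
		return false, "rejected-non-canonical"
	}
	return p.Authorize(method)
}

// Constructed policy matching the affected shape: canonical deny rule plus a
// fallback allow rule that matches everything.
var fallbackAllow = Policy{
	Deny:  []Rule{{Name: "deny-admin", Paths: []string{"/admin.Admin/*"}}},
	Allow: []Rule{{Name: "allow-all", Paths: []string{"*"}}},
}

// Constructed hardened policy (assumption): only listed canonical paths are
// allowed, so an unmatched string falls through to the default deny.
var explicitAllow = Policy{
	Deny:  []Rule{{Name: "deny-admin", Paths: []string{"/admin.Admin/*"}}},
	Allow: []Rule{{Name: "allow-echo", Paths: []string{"/echo.Echo/*"}}},
}

func main() {
	// Constructed method strings: canonical, non-canonical, and a benign call.
	methods := []string{"/admin.Admin/DeleteUser", "admin.Admin/DeleteUser", "/echo.Echo/Say"}
	for _, m := range methods {
		a1, r1 := fallbackAllow.Authorize(m)
		a2, r2 := Guarded(fallbackAllow, m)
		a3, r3 := explicitAllow.Authorize(m)
		fmt.Printf("%-26q raw=%v(%s) guarded=%v(%s) explicit=%v(%s)\n",
			m, a1, r1, a2, r2, a3, r3)
	}
}
```

The second method string is the only one whose outcome differs between the raw and guarded evaluations, which is the property to cover in a regression test for any custom path-based interceptor.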
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
    Impacted products
    Vendor Product Version
    grpc grpc-go Affected: < 1.79.3
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el8
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
        cpe:/a:redhat:openstack:17.1::el9
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Red Hat DevWorkspace Operator 0.4     cpe:/a:redhat:devworkspace:0.40::el9
    Red Hat Logging Subsystem for Red Hat OpenShift 6.4     cpe:/a:redhat:logging:6.4::el9
    Red Hat Multicluster Global Hub 1.3.4     cpe:/a:redhat:multicluster_globalhub:1.3::el9
    Red Hat Multicluster Global Hub 1.4.5     cpe:/a:redhat:multicluster_globalhub:1.4::el9
    Red Hat Multicluster Global Hub 1.5.4     cpe:/a:redhat:multicluster_globalhub:1.5::el9
    Red Hat Multicluster Global Hub 1.6.2     cpe:/a:redhat:multicluster_globalhub:1.6::el9
    Red Hat Network Observability (NETOBSERV) 1.11.2     cpe:/a:redhat:network_observ_optr:1.11::el9
    Red Hat OpenShift API for Data Protection 1.4     cpe:/a:redhat:openshift_api_data_protection:1.4::el9
    Red Hat OpenShift API for Data Protection 1.5     cpe:/a:redhat:openshift_api_data_protection:1.5::el9
    Red Hat OpenShift Compliance Operator 1     cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.13     cpe:/a:redhat:acm:2.13::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.14     cpe:/a:redhat:acm:2.14::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.15     cpe:/a:redhat:acm:2.15::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.16     cpe:/a:redhat:acm:2.16::el9
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.10     cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.8     cpe:/a:redhat:advanced_cluster_security:4.8::el8
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.9     cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Red Hat Red Hat Container Native Virtualization 4.18     cpe:/a:redhat:container_native_virtualization:4.18::el9
    Red Hat Red Hat Container Native Virtualization 4.19     cpe:/a:redhat:container_native_virtualization:4.19::el9
    Red Hat Red Hat Container Native Virtualization 4.20     cpe:/a:redhat:container_native_virtualization:4.20::el9
    Red Hat Red Hat Container Native Virtualization 4.21     cpe:/a:redhat:container_native_virtualization:4.21::el9
    Red Hat Red Hat Developer Hub 1.8     cpe:/a:redhat:rhdh:1.8::el9
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Red Hat Red Hat Lightspeed (formerly Insights) for Runtimes 1     cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9
    Red Hat Red Hat OpenShift AI 2.25     cpe:/a:redhat:openshift_ai:2.25::el9
    Red Hat Red Hat OpenShift AI 3.3     cpe:/a:redhat:openshift_ai:3.3::el9
    Red Hat Red Hat OpenShift Builds 1.6.5     cpe:/a:redhat:openshift_builds:1.6::el9
    Red Hat Red Hat OpenShift Builds 1.7.3     cpe:/a:redhat:openshift_builds:1.7::el9
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el9
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Red Hat Red Hat OpenShift Dev Spaces 3.27     cpe:/a:redhat:openshift_devspaces:3.27::el9
    Red Hat Red Hat OpenShift GitOps 1.18     cpe:/a:redhat:openshift_gitops:1.18::el8
    Red Hat Red Hat OpenShift GitOps 1.19     cpe:/a:redhat:openshift_gitops:1.19::el8
    Red Hat Red Hat OpenShift Pipelines 1.21     cpe:/a:redhat:openshift_pipelines:1.21::el9
    Red Hat Red Hat OpenShift Pipelines 1.2     cpe:/a:redhat:openshift_pipelines:1.20::el9
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el8
    Red Hat Red Hat OpenShift Service Mesh 3.0     cpe:/a:redhat:service_mesh:3.0::el9
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Red Hat Red Hat Openshift Data Foundation 4.16     cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Red Hat Red Hat Openshift Data Foundation 4.18     cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Red Hat Red Hat Openshift Data Foundation 4.19     cpe:/a:redhat:openshift_data_foundation:4.19::el9
    Red Hat Red Hat Openshift Data Foundation 4.2     cpe:/a:redhat:openshift_data_foundation:4.20::el9
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Red Hat Red Hat Trusted Artifact Signer 1.3     cpe:/a:redhat:trusted_artifact_signer:1.3::el9
    Red Hat Red Hat Web Terminal 1.13     cpe:/a:redhat:webterminal:1.13::el9
    Red Hat Red Hat Web Terminal 1.14     cpe:/a:redhat:webterminal:1.14::el9
    Red Hat Red Hat Web Terminal 1.15     cpe:/a:redhat:webterminal:1.15::el9
    Red Hat multicluster engine for Kubernetes 2.10     cpe:/a:redhat:multicluster_engine:2.10::el9
    Red Hat multicluster engine for Kubernetes 2.11     cpe:/a:redhat:multicluster_engine:2.11::el9
    Red Hat multicluster engine for Kubernetes 2.6     cpe:/a:redhat:multicluster_engine:2.6::el8
    Red Hat multicluster engine for Kubernetes 2.8     cpe:/a:redhat:multicluster_engine:2.8::el9
    Red Hat multicluster engine for Kubernetes 2.9     cpe:/a:redhat:multicluster_engine:2.9::el9
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Red Hat Dynamic Accelerator Slicer Operator for Red Hat OpenShift     cpe:/a:redhat:dynamic_accelerator_slicer:1
    Red Hat ExternalDNS Operator     cpe:/a:redhat:ext_dns_optr:1
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Red Hat Job Set Tech Preview     cpe:/a:redhat:job_set:0
    Red Hat Kernel Module Management Operator for Red Hat Openshift     cpe:/a:redhat:kernel_module_management:2
    Red Hat Kube Descheduler Operator     cpe:/a:redhat:kube_descheduler_operator:4
    Red Hat Leader Worker Set     cpe:/a:redhat:leader_worker_set:1
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Red Hat Migration Toolkit for Virtualization     cpe:/a:redhat:migration_toolkit_virtualization:2
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Red Hat OpenShift Run Once Duration Override Operator     cpe:/a:redhat:run_once_duration_override_operator:1
    Red Hat OpenShift Secondary Scheduler Operator     cpe:/a:redhat:openshift_secondary_scheduler:1
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
    Red Hat Red Hat Build of Podman Desktop - Tech Preview     cpe:/a:redhat:podman_desktop:0
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Red Hat Self Node Remediation Operator     cpe:/a:redhat:workload_availability_snr:0
    Red Hat Storage-Based Remediation     cpe:/a:redhat:workload_availability_sbr:0
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Red Hat Custom Metric Autoscaler operator for Red Hat Openshift     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Red Hat Red Hat Build of Kueue     cpe:/a:redhat:kueue_operator:1
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:2
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33186",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:08:38.989284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:09:13.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el8",
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el8",
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1",
                  "cpe:/a:redhat:openstack:17.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace:0.40::el9"
                ],
                "defaultStatus": "affected",
                "product": "DevWorkspace Operator 0.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift 6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.4.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.5.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.6.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability (NETOBSERV) 1.11.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Compliance Operator 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.6.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.27::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.27",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.18::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Pipelines 1.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Pipelines 1.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:dynamic_accelerator_slicer:1"
                ],
                "defaultStatus": "affected",
                "product": "Dynamic Accelerator Slicer Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ext_dns_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "ExternalDNS Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:job_set:0"
                ],
                "defaultStatus": "affected",
                "product": "Job Set Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kernel_module_management:2"
                ],
                "defaultStatus": "affected",
                "product": "Kernel Module Management Operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kube_descheduler_operator:4"
                ],
                "defaultStatus": "affected",
                "product": "Kube Descheduler Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:leader_worker_set:1"
                ],
                "defaultStatus": "affected",
                "product": "Leader Worker Set",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:run_once_duration_override_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Run Once Duration Override Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_secondary_scheduler:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Secondary Scheduler Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_snr:0"
                ],
                "defaultStatus": "affected",
                "product": "Self Node Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_sbr:0"
                ],
                "defaultStatus": "affected",
                "product": "Storage-Based Remediation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "unaffected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kueue_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Build of Kueue",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_profile_analyzer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Profile Analyzer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "unaffected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T22:23:32.147Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-551",
                    "description": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:04:40.957Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
              },
              {
                "name": "RHBZ#2449833",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33186.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29079"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26997"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28047"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20436"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18068"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20322"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26999"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19719"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22937"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19135"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10107"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19720"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10706"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19353"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9872"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22423"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22347"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21769"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23345"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6428"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29854"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26568"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8433"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22645"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25127"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13548"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8151"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11408"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11803"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11070"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13791"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27901"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27957"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27892"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6802"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22485"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24977"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10698"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10155"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10158"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21696"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21697"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21691"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15092"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23234"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28964"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23235"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14775"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25045"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29082"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10105"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17598"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17599"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21657"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25182"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21658"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17448"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25183"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12119"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12118"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8449"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23246"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20041"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27004"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23247"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10093"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10094"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21703"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24535"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25195"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25194"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6564"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24759"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17474"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21709"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24506"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20034"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7245"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23241"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21710"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22800"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20946"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20943"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26519"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24484"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21931"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8483"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9440"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8484"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9448"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8490"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9453"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8491"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8493"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9388"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26416"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26420"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26413"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12279"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26412"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12277"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11996"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10131"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10125"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10130"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10126"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10172"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10153"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8338"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22959"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22961"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24536"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12116"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12337"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19108"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17459"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17123"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22689"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18585"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19109"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:29079: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26997: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20436: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18068: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20322: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26999: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10107: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27712: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10705: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10706: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19207: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9872: DevWorkspace Operator 0.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8433: OpenShift Compliance Operator 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22645: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11408: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11803: Red Hat Advanced Cluster Management for Kubernetes 2.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27893: Red Hat Container Native Virtualization 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27901: Red Hat Container Native Virtualization 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27957: Red Hat Container Native Virtualization 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27892: Red Hat Container Native Virtualization 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6174: Red Hat Developer Hub 1.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10698: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21696: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21697: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12283: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21692: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28893: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25009: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15092: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23234: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28964: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23235: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14775: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25045: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29082: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20089: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10105: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17599: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25182: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27001: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25183: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12119: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8449: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23246: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23247: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25201: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10094: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24535: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21704: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25195: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24759: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21709: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24506: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20035: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7245: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23241: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17475: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21710: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22800: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26519: Red Hat OpenShift Pipelines 1.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9440: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9388: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26416: Red Hat Openshift Data Foundation 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26413: Red Hat Openshift Data Foundation 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26412: Red Hat Openshift Data Foundation 4.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11916: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11856: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11996: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10131: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10130: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10126: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12337: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17459: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22689: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-20T23:02:27.802Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T22:23:32.147Z",
                "value": "Made public."
              }
            ],
            "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grpc-go",
              "vendor": "grpc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.79.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T22:23:32.147Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
            }
          ],
          "source": {
            "advisory": "GHSA-p77j-4mvh-x3m3",
            "discovery": "UNKNOWN"
          },
          "title": "gRPC-Go has an authorization bypass via missing leading slash in :path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33186",
        "datePublished": "2026-03-20T22:23:32.147Z",
        "dateReserved": "2026-03-17T22:16:36.720Z",
        "dateUpdated": "2026-07-02T12:04:40.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11407 (GCVE-0-2024-11407)

    Vulnerability from nvd – Published: 2024-11-26 16:59 – Updated: 2024-11-26 21:04
    VLAI
    Title
    Denial of Service through Data corruption in gRPC-C++
    Summary
    There exists a denial of service through data corruption in gRPC-C++: gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network, thus leading the receiver to receive an incorrect set of bytes, causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grpc gRPC-C++ Affected: 1.60.0 , ≤ 1.66.1 (semver)
    Date Public
    2024-09-11 22:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T21:04:48.999010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T21:04:58.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/grpc/grpc",
              "defaultStatus": "unaffected",
              "packageName": "grpc",
              "product": "gRPC-C++",
              "programFiles": [
                "src/core/lib/event_engine/posix_engine/posix_endpoint.cc"
              ],
              "repo": "https://github.com/grpc/grpc",
              "vendor": "grpc",
              "versions": [
                {
                  "lessThanOrEqual": "1.66.1",
                  "status": "affected",
                  "version": "1.60.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-09-11T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There exists a denial of service through Data corruption in gRPC-C++ -\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u0026nbsp;e9046b2bbebc0cb7f5dc42008f807f6c7e98e791\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "There exists a denial of service through Data corruption in gRPC-C++ -\u00a0gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u00a0e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-263",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-263 Force Use of Corrupted Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:N/R:A/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682 Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T16:59:49.718Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Denial of Service through Data corruption in gRPC-C++",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2024-11407",
        "datePublished": "2024-11-26T16:59:49.718Z",
        "dateReserved": "2024-11-19T12:52:20.982Z",
        "dateUpdated": "2024-11-26T21:04:58.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7246 (GCVE-0-2024-7246)

    Vulnerability from nvd – Published: 2024-08-06 10:14 – Updated: 2024-08-06 13:17
    VLAI
    Title
    HPACK table poisoning in gRPC C++, Python & Ruby
    Summary
    It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53.0 (custom)
    Affected: 1.53.1 (custom)
    Affected: 1.53.2 (custom)
    Affected: 1.54.0 (custom)
    Affected: 1.54.1 (custom)
    Affected: 1.54.3 (custom)
    Affected: 1.55.0 (custom)
    Affected: 1.55.1 (custom)
    Affected: 1.55.3 (custom)
    Affected: 1.55.4 (custom)
    Affected: 1.56.0 (custom)
    Affected: 1.56.1 (custom)
    Affected: 1.56.2 (custom)
    Affected: 1.56.3 (custom)
    Affected: 1.56.4 (custom)
    Affected: 1.57.0 (custom)
    Affected: 1.57.1 (custom)
    Affected: 1.58.0 (custom)
    Affected: 1.58.1 (custom)
    Affected: 1.58.2 (custom)
    Affected: 1.59.0 (custom)
    Affected: 1.59.1 (custom)
    Affected: 1.59.2 (custom)
    Affected: 1.59.3 (custom)
    Affected: 1.59.4 (custom)
    Affected: 1.60.0 (custom)
    Affected: 1.60.1 (custom)
    Affected: 1.61.0 (custom)
    Affected: 1.61.1 (custom)
    Affected: 1.62.0 (custom)
    Affected: 1.61.2 (custom)
    Affected: 1.62.1 (custom)
    Affected: 1.62.2 (custom)
    Affected: 1.63.0 (custom)
    Affected: 1.63.1 (custom)
    Affected: 1.64.0 (custom)
    Affected: 1.64.1 (custom)
    Affected: 1.64.2 (custom)
    Affected: 1.65.0 (custom)
    Affected: 1.65.1 (custom)
    Affected: 1.65.2 (custom)
    Affected: 1.65.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T13:17:43.627852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:17:59.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.53.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.53.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.53.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.57.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.60.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.63.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.63.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIt\u0027s possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It\u0027s also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\u003c/p\u003e\u003cp\u003eThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\u003c/p\u003ePlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.\u003cbr\u003e"
                }
              ],
              "value": "It\u0027s possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It\u0027s also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\n\nThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\n\nPlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T10:14:28.492Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/issues/36245"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HPACK table poisoning in gRPC C++, Python \u0026 Ruby",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2024-7246",
        "datePublished": "2024-08-06T10:14:28.492Z",
        "dateReserved": "2024-07-29T20:41:21.403Z",
        "dateUpdated": "2024-08-06T13:17:59.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37168 (GCVE-0-2024-37168)

    Vulnerability from nvd – Published: 2024-06-10 21:32 – Updated: 2024-08-02 03:50
    Title
    @grpc/grpc-js can allocate memory for incoming messages well above configured limits
    Summary
    @grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: if an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Impacted products
    Vendor Product Version
    grpc grpc-node Affected: >= 1.10.0, < 1.10.9
    Affected: >= 1.9.0, < 1.9.15
    Affected: < 1.8.22
    grpc grpc Affected: 1.10.0 , < 1.10.9 (custom)
    Affected: 1.9.0 , < 1.9.15 (custom)
    Affected: 0 , < 1.8.22 (custom)
        cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.10.9",
                    "status": "affected",
                    "version": "1.10.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.9.15",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.8.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:03:13.988919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:05:45.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grpc-node",
              "vendor": "grpc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.15"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T21:32:06.403Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"
            }
          ],
          "source": {
            "advisory": "GHSA-7v5v-9h63-cj86",
            "discovery": "UNKNOWN"
          },
          "title": "@grpc/grpc-js can allocate memory for incoming messages well above configured limits"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-37168",
        "datePublished": "2024-06-10T21:32:06.403Z",
        "dateReserved": "2024-06-03T17:29:38.330Z",
        "dateUpdated": "2024-08-02T03:50:55.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from nvd – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    https://netty.io/news/2023/10/10/4-1-100-Final.html
    https://www.cisa.gov/news-events/alerts/2023/10/1…
    https://www.theregister.com/2023/10/10/http2_rapi…
    https://blog.qualys.com/vulnerabilities-threat-re…
    https://news.ycombinator.com/item?id=37837043
    https://github.com/kazu-yamamoto/http2/issues/93
    https://martinthomson.github.io/h2-stream-limits/…
    https://github.com/kazu-yamamoto/http2/commit/f61…
    https://github.com/apache/httpd/blob/afcdbeebbff4…
    https://www.debian.org/security/2023/dsa-5522 vendor-advisory
    https://www.debian.org/security/2023/dsa-5521 vendor-advisory
    https://access.redhat.com/security/cve/cve-2023-44487
    https://github.com/ninenines/cowboy/issues/1615
    https://github.com/varnishcache/varnish-cache/iss…
    https://github.com/tempesta-tech/tempesta/issues/1986
    https://blog.vespa.ai/cve-2023-44487/
    https://github.com/etcd-io/etcd/issues/16740
    https://www.darkreading.com/cloud/internet-wide-z…
    https://istio.io/latest/news/security/istio-secur…
    https://github.com/junkurihara/rust-rpxy/issues/97
    https://bugzilla.suse.com/show_bug.cgi?id=1216123
    https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    https://ubuntu.com/security/CVE-2023-44487
    https://community.traefik.io/t/is-traefik-vulnera…
    https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    https://github.com/apache/httpd-site/pull/10
    https://github.com/projectcontour/contour/pull/5826
    https://github.com/linkerd/website/pull/1695/comm…
    https://github.com/line/armeria/pull/5232
    https://blog.litespeedtech.com/2023/10/11/rapid-r…
    https://security.paloaltonetworks.com/CVE-2023-44487
    https://github.com/akka/akka-http/issues/4323
    https://github.com/openresty/openresty/issues/930
    https://github.com/apache/apisix/issues/10320
    https://github.com/Azure/AKS/issues/3947
    https://github.com/Kong/kong/discussions/11741
    https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    https://www.netlify.com/blog/netlify-successfully…
    https://github.com/caddyserver/caddy/releases/tag…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
    https://arstechnica.com/security/2023/10/how-ddos…
    https://lists.w3.org/Archives/Public/ietf-http-wg…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.netapp.com/advisory/ntap-2023101…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5540 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5549 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.debian.org/security/2023/dsa-5558 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.gentoo.org/glsa/202311-09 vendor-advisory
    https://www.debian.org/security/2023/dsa-5570 vendor-advisory
    https://security.netapp.com/advisory/ntap-2024042…
    https://security.netapp.com/advisory/ntap-2024062…
    https://security.netapp.com/advisory/ntap-2024062…
    https://github.com/grpc/grpc/releases/tag/v1.59.2
    https://sec.cloudapps.cisco.com/security/center/c…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory, x_transferred
    https://www.vicarius.io/vsociety/posts/rapid-rese…
    http://www.openwall.com/lists/oss-security/2025/08/13/6
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4785 (GCVE-0-2023-4785)

    Vulnerability from nvd – Published: 2023-09-13 16:31 – Updated: 2026-01-12 15:34
    Title
    Denial of Service in gRPC Core
    Summary
    Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Unaffected: 0 , < 1.23 (custom)
    Unaffected: 1.57
    Affected: 1.56.0 , ≤ 1.56.1 (custom)
    Affected: 1.55.0 , ≤ 1.55.2 (custom)
    Affected: 1.54.0 , ≤ 1.54.2 (custom)
    Affected: 1.53.0 , ≤ 1.53.1 (custom)
    grpc grpc Affected: 0 , < 1.23 (custom)
    Affected: 1.57
    Affected: 1.56.0 , ≤ 1.56.1 (custom)
    Affected: 1.55.0 , ≤ 155.2 (custom)
    Affected: 1.54.0 , ≤ 1.54.2 (custom)
    Affected: 1.53.0 , ≤ 1.53.1 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33656"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33669"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33672"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.23",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.57"
                  },
                  {
                    "lessThanOrEqual": "1.56.1",
                    "status": "affected",
                    "version": "1.56.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "155.2",
                    "status": "affected",
                    "version": "1.55.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "1.54.2",
                    "status": "affected",
                    "version": "1.54.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "1.53.1",
                    "status": "affected",
                    "version": "1.53.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:02:01.004344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:05:52.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Posix-compatible platforms"
              ],
              "product": "gRPC",
              "repo": "https://github.com/grpc/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.23",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.57"
                },
                {
                  "changes": [
                    {
                      "at": "1.56.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.56.1",
                  "status": "affected",
                  "version": "1.56.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.55.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.55.2",
                  "status": "affected",
                  "version": "1.55.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.54.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.54.2",
                  "status": "affected",
                  "version": "1.54.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.53.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.53.1",
                  "status": "affected",
                  "version": "1.53.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u0026nbsp;"
                }
              ],
              "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-125",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-125 Flooding"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T15:34:12.725Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/33656"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33667"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33669"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33670"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33672"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in gRPC Core",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-4785",
        "datePublished": "2023-09-13T16:31:55.664Z",
        "dateReserved": "2023-09-06T04:50:57.530Z",
        "dateUpdated": "2026-01-12T15:34:12.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33953 (GCVE-0-2023-33953)

    Vulnerability from nvd – Published: 2023-08-09 12:54 – Updated: 2024-09-27 18:40
    Title
    Denial-of-Service in gRPC
    Summary
    gRPC contains a vulnerability whereby HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:
    - Unbounded memory buffering in the HPACK parser
    - Unbounded CPU consumption in the HPACK parser
    The unbounded CPU consumption is down to a copy that occurred per input block in the parser; because that could be unbounded due to the memory copy bug, we end up with an O(n^2) parsing loop, with n selected by the client.
    The unbounded memory buffering bugs:
    - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
    - HPACK varints have an encoding quirk whereby an infinite number of 0s can be added at the start of an integer. gRPC's HPACK parser needed to read all of them before concluding a parse.
    - gRPC's metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1, CONTINUATION: containing a: 2, CONTINUATION: containing a: 3, etc…
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-834 - Excessive Iteration
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 0 , < 1.56.1 (custom)
    grpc grpc Affected: 0 , < 1.53.2 (custom)
    Affected: 1.54 , < 154.3 (custom)
    Affected: 1.55 , < 1.55.2 (custom)
    Affected: 1.56 , < 1.56.2 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/support/bulletins#gcp-2023-022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.53.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "154.3",
                    "status": "affected",
                    "version": "1.54",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.55.2",
                    "status": "affected",
                    "version": "1.55",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.56.2",
                    "status": "affected",
                    "version": "1.56",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T17:54:21.539206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:40:52.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.56.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u0026nbsp;Three vectors were found that allow the following DOS attacks:\u003cbr\u003e\u003cbr\u003e- Unbounded memory buffering in the HPACK parser\u003cbr\u003e- Unbounded CPU consumption in the HPACK parser\u003cbr\u003e\u003cbr\u003eThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\u003cbr\u003e\u003cbr\u003eThe unbounded memory buffering bugs:\u003cbr\u003e\u003cbr\u003e- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\u003cbr\u003e- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\u003cbr\u003e- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026"
                }
              ],
              "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "CWE-834 Excessive Iteration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T12:54:47.415Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://cloud.google.com/support/bulletins#gcp-2023-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-33953",
        "datePublished": "2023-08-09T12:54:47.415Z",
        "dateReserved": "2023-05-24T12:08:31.409Z",
        "dateUpdated": "2024-09-27T18:40:52.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32732 (GCVE-0-2023-32732)

    Vulnerability from nvd – Published: 2023-06-09 10:48 – Updated: 2025-02-13 16:55
    Title
    Denial-of-Service in gRPC
    Summary
    gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53 , < 1.54 (custom)
    grpc grpc Affected: 1.53 , < 1.54 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/32309"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.54",
                    "status": "affected",
                    "version": "1.53",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:59:27.982940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T19:03:12.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.54",
                  "status": "affected",
                  "version": "1.53",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?sa=D\u0026amp;q=https%3A%2F%2Fgithub.com%2Fgrpc%2Fgrpc%2Fpull%2F32309\"\u003ehttps://github.com/grpc/grpc/pull/32309\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u00a0 https://github.com/grpc/grpc/pull/32309 https://www.google.com/url"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-23T02:06:09.201Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/32309"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-32732",
        "datePublished": "2023-06-09T10:48:15.075Z",
        "dateReserved": "2023-05-12T08:58:54.033Z",
        "dateUpdated": "2025-02-13T16:55:01.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32731 (GCVE-0-2023-32731)

    Vulnerability from nvd – Published: 2023-06-09 10:54 – Updated: 2024-09-26 19:12
    VLAI
    Title
    Information leak in gRPC
    Summary
    When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53 , ≤ 1.54 (custom)
    grpc grpc Affected: 1.53 , ≤ 1.54 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:37.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/32309"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThanOrEqual": "1.54",
                    "status": "affected",
                    "version": "1.53",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T19:07:16.164767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T19:12:06.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThanOrEqual": "1.54",
                  "status": "affected",
                  "version": "1.53",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/pull/33005\"\u003ehttps://github.com/grpc/grpc/pull/33005\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u00a0 https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 \n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T15:26:24.636Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/32309"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33005"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0 \n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information leak in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-32731",
        "datePublished": "2023-06-09T10:54:08.472Z",
        "dateReserved": "2023-05-12T08:58:54.033Z",
        "dateUpdated": "2024-09-26T19:12:06.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1428 (GCVE-0-2023-1428)

    Vulnerability from nvd – Published: 2023-06-09 10:46 – Updated: 2024-09-26 18:58
    VLAI
    Title
    Denial-of-Service in gRPC
    Summary
    There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2:
        te: x (x != trailers)
        :scheme: x (x != http, https)
        grpclb_client_stats: x (x == anything)
    On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.51 , < 1.53 (custom)
    grpc grpc Affected: 1.51.0 , < 1.53.0 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
    Date Public
    2023-02-28 23:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.53.0",
                    "status": "affected",
                    "version": "1.51.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:57:29.444880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:58:56.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.53",
                  "status": "affected",
                  "version": "1.51",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-28T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There exists an vulnerability causing an abort() to be called in gRPC.\u0026nbsp;\u003cbr\u003e\u003cp\u003eThe following headers cause gRPC\u0027s C++ implementation to abort() when called via http2:\u003c/p\u003e\u003cp\u003e\u003ccode\u003ete: x (x != trailers)\u003c/code\u003e\u003c/p\u003e\u003cp\u003e\u003ccode\u003e:scheme: x (x != http, https)\u003c/code\u003e\u003c/p\u003e\u003cp\u003e\u003ccode\u003egrpclb_client_stats: x (x == anything)\u003c/code\u003e\u003c/p\u003eOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit\u0026nbsp;2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "There exists an vulnerability causing an abort() to be called in gRPC.\u00a0\nThe following headers cause gRPC\u0027s C++ implementation to abort() when called via http2:\n\nte: x (x != trailers)\n\n:scheme: x (x != http, https)\n\ngrpclb_client_stats: x (x == anything)\n\nOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit\u00a02485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T10:46:54.244Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0 \n\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-1428",
        "datePublished": "2023-06-09T10:46:54.244Z",
        "dateReserved": "2023-03-16T10:47:22.037Z",
        "dateUpdated": "2024-09-26T18:58:56.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24777 (GCVE-0-2022-24777)

    Vulnerability from nvd – Published: 2022-03-25 16:35 – Updated: 2025-04-23 18:43
    VLAI
    Title
    Denial of Service via reachable assertion in grpc-swift
    Summary
    grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    grpc grpc-swift Affected: < 1.7.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-swift/security/advisories/GHSA-r6ww-5963-7r95"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-swift/commit/858f977f2a51fca2292f384cf7a108dc2e73a3bd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-24777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T15:56:22.993083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T18:43:40.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grpc-swift",
              "vendor": "grpc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.7.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617: Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-25T16:35:09.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grpc/grpc-swift/security/advisories/GHSA-r6ww-5963-7r95"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-swift/commit/858f977f2a51fca2292f384cf7a108dc2e73a3bd"
            }
          ],
          "source": {
            "advisory": "GHSA-r6ww-5963-7r95",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service via reachable assertion in grpc-swift",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-24777",
              "STATE": "PUBLIC",
              "TITLE": "Denial of Service via reachable assertion in grpc-swift"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "grpc-swift",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.7.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "grpc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-617: Reachable Assertion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/grpc/grpc-swift/security/advisories/GHSA-r6ww-5963-7r95",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/grpc/grpc-swift/security/advisories/GHSA-r6ww-5963-7r95"
                },
                {
                  "name": "https://github.com/grpc/grpc-swift/commit/858f977f2a51fca2292f384cf7a108dc2e73a3bd",
                  "refsource": "MISC",
                  "url": "https://github.com/grpc/grpc-swift/commit/858f977f2a51fca2292f384cf7a108dc2e73a3bd"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-r6ww-5963-7r95",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-24777",
        "datePublished": "2022-03-25T16:35:09.000Z",
        "dateReserved": "2022-02-10T00:00:00.000Z",
        "dateUpdated": "2025-04-23T18:43:40.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-33186 (GCVE-0-2026-33186)

    Vulnerability from cvelistv5 – Published: 2026-03-20 22:23 – Updated: 2026-07-02 12:04
    Title
    gRPC-Go has an authorization bypass via missing leading slash in :path
    Summary
    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`, and whose security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
    Impacted products
    Vendor Product Version
    grpc grpc-go Affected: < 1.79.3
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el8
        cpe:/a:redhat:openshift:4.16::el9
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el8
        cpe:/a:redhat:openshift:4.18::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 8     cpe:/a:redhat:satellite:6.16::el8
        cpe:/a:redhat:satellite_capsule:6.16::el8
        cpe:/a:redhat:satellite_maintenance:6.16::el8
        cpe:/a:redhat:satellite_utils:6.16::el8
    Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
        cpe:/a:redhat:openstack:17.1::el9
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Red Hat Red Hat Satellite 6.16 for RHEL 9     cpe:/a:redhat:satellite:6.16::el9
        cpe:/a:redhat:satellite_capsule:6.16::el9
        cpe:/a:redhat:satellite_maintenance:6.16::el9
        cpe:/a:redhat:satellite_utils:6.16::el9
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Red Hat DevWorkspace Operator 0.4     cpe:/a:redhat:devworkspace:0.40::el9
    Red Hat Logging Subsystem for Red Hat OpenShift 6.4     cpe:/a:redhat:logging:6.4::el9
    Red Hat Multicluster Global Hub 1.3.4     cpe:/a:redhat:multicluster_globalhub:1.3::el9
    Red Hat Multicluster Global Hub 1.4.5     cpe:/a:redhat:multicluster_globalhub:1.4::el9
    Red Hat Multicluster Global Hub 1.5.4     cpe:/a:redhat:multicluster_globalhub:1.5::el9
    Red Hat Multicluster Global Hub 1.6.2     cpe:/a:redhat:multicluster_globalhub:1.6::el9
    Red Hat Network Observability (NETOBSERV) 1.11.2     cpe:/a:redhat:network_observ_optr:1.11::el9
    Red Hat OpenShift API for Data Protection 1.4     cpe:/a:redhat:openshift_api_data_protection:1.4::el9
    Red Hat OpenShift API for Data Protection 1.5     cpe:/a:redhat:openshift_api_data_protection:1.5::el9
    Red Hat OpenShift Compliance Operator 1     cpe:/a:redhat:openshift_compliance_operator:1::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.13     cpe:/a:redhat:acm:2.13::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.14     cpe:/a:redhat:acm:2.14::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.15     cpe:/a:redhat:acm:2.15::el9
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.16     cpe:/a:redhat:acm:2.16::el9
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.10     cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.8     cpe:/a:redhat:advanced_cluster_security:4.8::el8
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.9     cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Red Hat Red Hat Container Native Virtualization 4.18     cpe:/a:redhat:container_native_virtualization:4.18::el9
    Red Hat Red Hat Container Native Virtualization 4.19     cpe:/a:redhat:container_native_virtualization:4.19::el9
    Red Hat Red Hat Container Native Virtualization 4.20     cpe:/a:redhat:container_native_virtualization:4.20::el9
    Red Hat Red Hat Container Native Virtualization 4.21     cpe:/a:redhat:container_native_virtualization:4.21::el9
    Red Hat Red Hat Developer Hub 1.8     cpe:/a:redhat:rhdh:1.8::el9
    Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
    Red Hat Red Hat Lightspeed (formerly Insights) for Runtimes 1     cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9
    Red Hat Red Hat OpenShift AI 2.25     cpe:/a:redhat:openshift_ai:2.25::el9
    Red Hat Red Hat OpenShift AI 3.3     cpe:/a:redhat:openshift_ai:3.3::el9
    Red Hat Red Hat OpenShift Builds 1.6.5     cpe:/a:redhat:openshift_builds:1.6::el9
    Red Hat Red Hat OpenShift Builds 1.7.3     cpe:/a:redhat:openshift_builds:1.7::el9
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el9
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Red Hat Red Hat OpenShift Dev Spaces 3.27     cpe:/a:redhat:openshift_devspaces:3.27::el9
    Red Hat Red Hat OpenShift GitOps 1.18     cpe:/a:redhat:openshift_gitops:1.18::el8
    Red Hat Red Hat OpenShift GitOps 1.19     cpe:/a:redhat:openshift_gitops:1.19::el8
    Red Hat Red Hat OpenShift Pipelines 1.21     cpe:/a:redhat:openshift_pipelines:1.21::el9
    Red Hat Red Hat OpenShift Pipelines 1.2     cpe:/a:redhat:openshift_pipelines:1.20::el9
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el8
    Red Hat Red Hat OpenShift Service Mesh 3.0     cpe:/a:redhat:service_mesh:3.0::el9
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Red Hat Red Hat OpenShift distributed tracing 3.9.3     cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
    Red Hat Red Hat Openshift Data Foundation 4.16     cpe:/a:redhat:openshift_data_foundation:4.16::el9
    Red Hat Red Hat Openshift Data Foundation 4.18     cpe:/a:redhat:openshift_data_foundation:4.18::el9
    Red Hat Red Hat Openshift Data Foundation 4.19     cpe:/a:redhat:openshift_data_foundation:4.19::el9
    Red Hat Red Hat Openshift Data Foundation 4.2     cpe:/a:redhat:openshift_data_foundation:4.20::el9
    Red Hat Red Hat Quay 3.10     cpe:/a:redhat:quay:3.10::el8
    Red Hat Red Hat Quay 3.12     cpe:/a:redhat:quay:3.12::el8
    Red Hat Red Hat Quay 3.14     cpe:/a:redhat:quay:3.14::el8
    Red Hat Red Hat Quay 3.15     cpe:/a:redhat:quay:3.15::el8
    Red Hat Red Hat Quay 3.16     cpe:/a:redhat:quay:3.16::el9
    Red Hat Red Hat Quay 3.17     cpe:/a:redhat:quay:3.17::el9
    Red Hat Red Hat Quay 3.9     cpe:/a:redhat:quay:3.9::el8
    Red Hat Red Hat Trusted Artifact Signer 1.3     cpe:/a:redhat:trusted_artifact_signer:1.3::el9
    Red Hat Red Hat Web Terminal 1.13     cpe:/a:redhat:webterminal:1.13::el9
    Red Hat Red Hat Web Terminal 1.14     cpe:/a:redhat:webterminal:1.14::el9
    Red Hat Red Hat Web Terminal 1.15     cpe:/a:redhat:webterminal:1.15::el9
    Red Hat multicluster engine for Kubernetes 2.10     cpe:/a:redhat:multicluster_engine:2.10::el9
    Red Hat multicluster engine for Kubernetes 2.11     cpe:/a:redhat:multicluster_engine:2.11::el9
    Red Hat multicluster engine for Kubernetes 2.6     cpe:/a:redhat:multicluster_engine:2.6::el8
    Red Hat multicluster engine for Kubernetes 2.8     cpe:/a:redhat:multicluster_engine:2.8::el9
    Red Hat multicluster engine for Kubernetes 2.9     cpe:/a:redhat:multicluster_engine:2.9::el9
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Red Hat Dynamic Accelerator Slicer Operator for Red Hat OpenShift     cpe:/a:redhat:dynamic_accelerator_slicer:1
    Red Hat ExternalDNS Operator     cpe:/a:redhat:ext_dns_optr:1
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Red Hat Job Set Tech Preview     cpe:/a:redhat:job_set:0
    Red Hat Kernel Module Management Operator for Red Hat Openshift     cpe:/a:redhat:kernel_module_management:2
    Red Hat Kube Descheduler Operator     cpe:/a:redhat:kube_descheduler_operator:4
    Red Hat Leader Worker Set     cpe:/a:redhat:leader_worker_set:1
    Red Hat Logging Subsystem for Red Hat OpenShift     cpe:/a:redhat:logging:5
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Red Hat Migration Toolkit for Virtualization     cpe:/a:redhat:migration_toolkit_virtualization:2
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Red Hat OpenShift Run Once Duration Override Operator     cpe:/a:redhat:run_once_duration_override_operator:1
    Red Hat OpenShift Secondary Scheduler Operator     cpe:/a:redhat:openshift_secondary_scheduler:1
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Red Hat Red Hat AI Inference Server     cpe:/a:redhat:ai_inference_server:3
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Red Hat Red Hat Build of Podman Desktop     cpe:/a:redhat:podman_desktop:1
    Red Hat Red Hat Build of Podman Desktop - Tech Preview     cpe:/a:redhat:podman_desktop:0
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Red Hat Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Red Hat Self Node Remediation Operator     cpe:/a:redhat:workload_availability_snr:0
    Red Hat Storage-Based Remediation     cpe:/a:redhat:workload_availability_sbr:0
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Red Hat Custom Metric Autoscaler operator for Red Hat Openshift     cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Red Hat Red Hat Build of Kueue     cpe:/a:redhat:kueue_operator:1
    Red Hat Red Hat OpenShift Dev Workspaces Operator     cpe:/a:redhat:devworkspace
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Red Hat Red Hat Trusted Profile Analyzer     cpe:/a:redhat:trusted_profile_analyzer:2
    Red Hat Service Telemetry Framework 1.5     cpe:/a:redhat:stf:1.5
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33186",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:08:38.989284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:09:13.422Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el8",
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el8",
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el8",
                  "cpe:/a:redhat:satellite_capsule:6.16::el8",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el8",
                  "cpe:/a:redhat:satellite_utils:6.16::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4 on RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1",
                  "cpe:/a:redhat:openstack:17.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6.16::el9",
                  "cpe:/a:redhat:satellite_capsule:6.16::el9",
                  "cpe:/a:redhat:satellite_maintenance:6.16::el9",
                  "cpe:/a:redhat:satellite_utils:6.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6.16 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace:0.40::el9"
                ],
                "defaultStatus": "affected",
                "product": "DevWorkspace Operator 0.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift 6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.4.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.5.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub 1.6.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability (NETOBSERV) 1.11.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1::el9"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Compliance Operator 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub 1.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:2.25::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 2.25",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.6::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.6.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.27::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.27",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.18::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Pipelines 1.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Pipelines 1.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift distributed tracing 3.9.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.14::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.15::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal 1.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "affected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:dynamic_accelerator_slicer:1"
                ],
                "defaultStatus": "affected",
                "product": "Dynamic Accelerator Slicer Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ext_dns_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "ExternalDNS Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:job_set:0"
                ],
                "defaultStatus": "affected",
                "product": "Job Set Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kernel_module_management:2"
                ],
                "defaultStatus": "affected",
                "product": "Kernel Module Management Operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kube_descheduler_operator:4"
                ],
                "defaultStatus": "affected",
                "product": "Kube Descheduler Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:leader_worker_set:1"
                ],
                "defaultStatus": "affected",
                "product": "Leader Worker Set",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_virtualization:2"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Virtualization",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:run_once_duration_override_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Run Once Duration Override Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_secondary_scheduler:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Secondary Scheduler Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:podman_desktop:0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Build of Podman Desktop - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_snr:0"
                ],
                "defaultStatus": "affected",
                "product": "Self Node Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_sbr:0"
                ],
                "defaultStatus": "affected",
                "product": "Storage-Based Remediation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "unaffected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kueue_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Build of Kueue",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Workspaces Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_profile_analyzer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Profile Analyzer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:stf:1.5"
                ],
                "defaultStatus": "unaffected",
                "product": "Service Telemetry Framework 1.5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T22:23:32.147Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-551",
                    "description": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:04:40.957Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
              },
              {
                "name": "RHBZ#2449833",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33186.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29079"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26997"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28047"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20436"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18068"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20322"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26999"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19719"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22937"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19135"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22450"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10107"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19720"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10705"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10706"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23228"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19353"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9872"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22423"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22347"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21769"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23345"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6428"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29854"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26568"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8433"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22645"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25127"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13548"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8151"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11408"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11803"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11070"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13791"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27901"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27957"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27892"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6802"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22485"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24977"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10698"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19712"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10155"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10158"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21696"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21697"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12283"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21691"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15092"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23234"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:28964"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23235"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14775"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25045"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29082"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20088"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10105"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17598"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17599"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21657"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25182"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21658"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17448"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25183"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12119"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12118"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8449"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23246"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20041"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27004"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23247"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10093"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10094"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21703"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24535"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25195"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25194"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6564"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24759"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17474"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21709"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24506"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20034"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20035"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7245"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23241"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21710"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22800"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10175"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20946"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20943"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26519"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24484"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21931"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8483"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9440"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8484"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9448"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8490"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9453"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8491"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8493"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9388"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9385"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26416"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26420"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26413"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12279"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26412"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12277"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11916"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11856"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21017"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19375"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22465"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11996"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10131"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10125"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10130"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10126"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10172"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10153"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:8338"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22959"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22961"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:24536"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12116"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12337"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19108"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17459"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17123"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22689"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18585"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19109"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:29079: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26997: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20436: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18068: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20322: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26999: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10107: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27712: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10705: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10706: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19207: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9872: DevWorkspace Operator 0.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8433: OpenShift Compliance Operator 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22645: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11408: Red Hat Advanced Cluster Management for Kubernetes 2.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11803: Red Hat Advanced Cluster Management for Kubernetes 2.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27893: Red Hat Container Native Virtualization 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27901: Red Hat Container Native Virtualization 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27957: Red Hat Container Native Virtualization 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27892: Red Hat Container Native Virtualization 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6174: Red Hat Developer Hub 1.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10698: Red Hat OpenShift AI 2.25"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21696: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21697: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12283: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21692: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28893: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25009: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15092: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23234: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:28964: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23235: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14775: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25045: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29082: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20089: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10105: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17599: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25182: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27001: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25183: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12119: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8449: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23246: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23247: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25201: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10094: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24535: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21704: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25195: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24759: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21709: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24506: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20035: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7245: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23241: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17475: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21710: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22800: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26519: Red Hat OpenShift Pipelines 1.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9440: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9388: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26416: Red Hat Openshift Data Foundation 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26413: Red Hat Openshift Data Foundation 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26412: Red Hat Openshift Data Foundation 4.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11916: Red Hat Quay 3.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11856: Red Hat Quay 3.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21017: Red Hat Quay 3.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24853: Red Hat Quay 3.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19375: Red Hat Quay 3.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22465: Red Hat Quay 3.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11996: Red Hat Quay 3.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10131: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10130: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10126: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12337: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17459: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:22689: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-20T23:02:27.802Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T22:23:32.147Z",
                "value": "Made public."
              }
            ],
            "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grpc-go",
              "vendor": "grpc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.79.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T22:23:32.147Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
            }
          ],
          "source": {
            "advisory": "GHSA-p77j-4mvh-x3m3",
            "discovery": "UNKNOWN"
          },
          "title": "gRPC-Go has an authorization bypass via missing leading slash in :path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33186",
        "datePublished": "2026-03-20T22:23:32.147Z",
        "dateReserved": "2026-03-17T22:16:36.720Z",
        "dateUpdated": "2026-07-02T12:04:40.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-11407 (GCVE-0-2024-11407)

    Vulnerability from cvelistv5 – Published: 2024-11-26 16:59 – Updated: 2024-11-26 21:04
    VLAI
    Title
    Denial of Service through Data corruption in gRPC-C++
    Summary
    There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor: grpc
    Product: gRPC-C++
    Version: Affected: 1.60.0, ≤ 1.66.1 (semver)
    Date Public
    2024-09-11 22:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T21:04:48.999010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T21:04:58.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/grpc/grpc",
              "defaultStatus": "unaffected",
              "packageName": "grpc",
              "product": "gRPC-C++",
              "programFiles": [
                "src/core/lib/event_engine/posix_engine/posix_endpoint.cc"
              ],
              "repo": "https://github.com/grpc/grpc",
              "vendor": "grpc",
              "versions": [
                {
                  "lessThanOrEqual": "1.66.1",
                  "status": "affected",
                  "version": "1.60.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-09-11T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There exists a denial of service through Data corruption in gRPC-C++ -\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u0026nbsp;e9046b2bbebc0cb7f5dc42008f807f6c7e98e791\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "There exists a denial of service through Data corruption in gRPC-C++ -\u00a0gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit\u00a0e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-263",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-263 Force Use of Corrupted Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:N/R:A/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-682",
                  "description": "CWE-682 Incorrect Calculation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T16:59:49.718Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Denial of Service through Data corruption in gRPC-C++",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2024-11407",
        "datePublished": "2024-11-26T16:59:49.718Z",
        "dateReserved": "2024-11-19T12:52:20.982Z",
        "dateUpdated": "2024-11-26T21:04:58.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7246 (GCVE-0-2024-7246)

    Vulnerability from cvelistv5 – Published: 2024-08-06 10:14 – Updated: 2024-08-06 13:17
    VLAI
    Title
    HPACK table poisoning in gRPC C++, Python & Ruby
    Summary
    It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53.0 (custom)
    Affected: 1.53.1 (custom)
    Affected: 1.53.2 (custom)
    Affected: 1.54.0 (custom)
    Affected: 1.54.1 (custom)
    Affected: 1.54.3 (custom)
    Affected: 1.55.0 (custom)
    Affected: 1.55.1 (custom)
    Affected: 1.55.3 (custom)
    Affected: 1.55.4 (custom)
    Affected: 1.56.0 (custom)
    Affected: 1.56.1 (custom)
    Affected: 1.56.2 (custom)
    Affected: 1.56.3 (custom)
    Affected: 1.56.4 (custom)
    Affected: 1.57.0 (custom)
    Affected: 1.57.1 (custom)
    Affected: 1.58.0 (custom)
    Affected: 1.58.1 (custom)
    Affected: 1.58.2 (custom)
    Affected: 1.59.0 (custom)
    Affected: 1.59.1 (custom)
    Affected: 1.59.2 (custom)
    Affected: 1.59.3 (custom)
    Affected: 1.59.4 (custom)
    Affected: 1.60.0 (custom)
    Affected: 1.60.1 (custom)
    Affected: 1.61.0 (custom)
    Affected: 1.61.1 (custom)
    Affected: 1.62.0 (custom)
    Affected: 1.61.2 (custom)
    Affected: 1.62.1 (custom)
    Affected: 1.62.2 (custom)
    Affected: 1.63.0 (custom)
    Affected: 1.63.1 (custom)
    Affected: 1.64.0 (custom)
    Affected: 1.64.1 (custom)
    Affected: 1.64.2 (custom)
    Affected: 1.65.0 (custom)
    Affected: 1.65.1 (custom)
    Affected: 1.65.2 (custom)
    Affected: 1.65.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T13:17:43.627852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:17:59.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.53.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.53.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.53.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.54.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.55.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.56.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.57.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.58.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.3",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.59.4",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.60.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.61.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.62.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.63.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.63.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.64.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.2",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "1.65.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIt\u0027s possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It\u0027s also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\u003c/p\u003e\u003cp\u003eThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\u003c/p\u003ePlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.\u003cbr\u003e"
                }
              ],
              "value": "It\u0027s possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It\u0027s also possible to use this vulnerability to leak other clients HTTP header keys, but not values.\n\nThis occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.\n\nPlease update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T10:14:28.492Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/issues/36245"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HPACK table poisoning in gRPC C++, Python \u0026 Ruby",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2024-7246",
        "datePublished": "2024-08-06T10:14:28.492Z",
        "dateReserved": "2024-07-29T20:41:21.403Z",
        "dateUpdated": "2024-08-06T13:17:59.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37168 (GCVE-0-2024-37168)

    Vulnerability from cvelistv5 – Published: 2024-06-10 21:32 – Updated: 2024-08-02 03:50
    VLAI
    Title
    @grpc/grpc-js can allocate memory for incoming messages well above configured limits
    Summary
    @grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    grpc grpc-node Affected: >= 1.10.0, < 1.10.9
    Affected: >= 1.9.0, < 1.9.15
    Affected: < 1.8.22
    grpc grpc Affected: 1.10.0 , < 1.10.9 (custom)
    Affected: 1.9.0 , < 1.9.15 (custom)
    Affected: 0 , < 1.8.22 (custom)
        cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.10.9",
                    "status": "affected",
                    "version": "1.10.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.9.15",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.8.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37168",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T14:03:13.988919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T14:05:45.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"
              },
              {
                "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "grpc-node",
              "vendor": "grpc",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.15"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T21:32:06.403Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3"
            },
            {
              "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb"
            }
          ],
          "source": {
            "advisory": "GHSA-7v5v-9h63-cj86",
            "discovery": "UNKNOWN"
          },
          "title": "@grpc/grpc-js can allocate memory for incoming messages well above configured limits"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-37168",
        "datePublished": "2024-06-10T21:32:06.403Z",
        "dateReserved": "2024-06-03T17:29:38.330Z",
        "dateUpdated": "2024-08-02T03:50:55.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4785 (GCVE-0-2023-4785)

    Vulnerability from cvelistv5 – Published: 2023-09-13 16:31 – Updated: 2026-01-12 15:34
    VLAI
    Title
    Denial of Service in gRPC Core
    Summary
    Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Unaffected: 0 , < 1.23 (custom)
    Unaffected: 1.57
    Affected: 1.56.0 , ≤ 1.56.1 (custom)
    Affected: 1.55.0 , ≤ 1.55.2 (custom)
    Affected: 1.54.0 , ≤ 1.54.2 (custom)
    Affected: 1.53.0 , ≤ 1.53.1 (custom)
    grpc grpc Affected: 0 , < 1.23 (custom)
    Affected: 1.57
    Affected: 1.56.0 , ≤ 1.56.1 (custom)
    Affected: 1.55.0 , ≤ 155.2 (custom)
    Affected: 1.54.0 , ≤ 1.54.2 (custom)
    Affected: 1.53.0 , ≤ 1.53.1 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33656"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33667"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33669"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33672"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.23",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.57"
                  },
                  {
                    "lessThanOrEqual": "1.56.1",
                    "status": "affected",
                    "version": "1.56.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "155.2",
                    "status": "affected",
                    "version": "1.55.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "1.54.2",
                    "status": "affected",
                    "version": "1.54.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "1.53.1",
                    "status": "affected",
                    "version": "1.53.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T18:02:01.004344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T18:05:52.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Posix-compatible platforms"
              ],
              "product": "gRPC",
              "repo": "https://github.com/grpc/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.23",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.57"
                },
                {
                  "changes": [
                    {
                      "at": "1.56.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.56.1",
                  "status": "affected",
                  "version": "1.56.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.55.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.55.2",
                  "status": "affected",
                  "version": "1.55.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.54.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.54.2",
                  "status": "affected",
                  "version": "1.54.0",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "1.53.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.53.1",
                  "status": "affected",
                  "version": "1.53.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u0026nbsp;"
                }
              ],
              "value": "Lack of error handling in the TCP server in Google\u0027s gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-125",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-125 Flooding"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-12T15:34:12.725Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/33656"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33667"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33669"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33670"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33672"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service in gRPC Core",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-4785",
        "datePublished": "2023-09-13T16:31:55.664Z",
        "dateReserved": "2023-09-06T04:50:57.530Z",
        "dateUpdated": "2026-01-12T15:34:12.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33953 (GCVE-0-2023-33953)

    Vulnerability from cvelistv5 – Published: 2023-08-09 12:54 – Updated: 2024-09-27 18:40
    VLAI
    Title
    Denial-of-Service in gRPC
    Summary
    gRPC contains a vulnerability whereby HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:
    - Unbounded memory buffering in the HPACK parser
    - Unbounded CPU consumption in the HPACK parser
    The unbounded CPU consumption is down to a copy that occurred per input block in the parser, and because that could be unbounded due to the memory copy bug, we end up with an O(n^2) parsing loop, with n selected by the client.
    The unbounded memory buffering bugs:
    - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
    - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s HPACK parser needed to read all of them before concluding a parse.
    - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1; CONTINUATION: containing a: 2; CONTINUATION: containing a: 3; etc…
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-834 - Excessive Iteration
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 0 , < 1.56.1 (custom)
    grpc grpc Affected: 0 , < 1.53.2 (custom)
    Affected: 1.54 , < 154.3 (custom)
    Affected: 1.55 , < 1.55.2 (custom)
    Affected: 1.56 , < 1.56.2 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:54:14.192Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/support/bulletins#gcp-2023-022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.53.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "154.3",
                    "status": "affected",
                    "version": "1.54",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.55.2",
                    "status": "affected",
                    "version": "1.55",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.56.2",
                    "status": "affected",
                    "version": "1.56",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T17:54:21.539206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:40:52.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.56.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u0026nbsp;Three vectors were found that allow the following DOS attacks:\u003cbr\u003e\u003cbr\u003e- Unbounded memory buffering in the HPACK parser\u003cbr\u003e- Unbounded CPU consumption in the HPACK parser\u003cbr\u003e\u003cbr\u003eThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\u003cbr\u003e\u003cbr\u003eThe unbounded memory buffering bugs:\u003cbr\u003e\u003cbr\u003e- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\u003cbr\u003e- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\u003cbr\u003e- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026"
                }
              ],
              "value": "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\u00a0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0\u2019s can be added at the start of an integer. gRPC\u2019s hpack parser needed to read all of them before concluding a parse.\n- gRPC\u2019s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc\u2026"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "CWE-834 Excessive Iteration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T12:54:47.415Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://cloud.google.com/support/bulletins#gcp-2023-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-33953",
        "datePublished": "2023-08-09T12:54:47.415Z",
        "dateReserved": "2023-05-24T12:08:31.409Z",
        "dateUpdated": "2024-09-27T18:40:52.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32731 (GCVE-0-2023-32731)

    Vulnerability from cvelistv5 – Published: 2023-06-09 10:54 – Updated: 2024-09-26 19:12
    VLAI
    Title
    Information leak in gRPC
    Summary
    When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients, leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53 , ≤ 1.54 (custom)
    grpc grpc Affected: 1.53 , ≤ 1.54 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:37.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/32309"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/33005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThanOrEqual": "1.54",
                    "status": "affected",
                    "version": "1.53",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T19:07:16.164767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T19:12:06.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThanOrEqual": "1.54",
                  "status": "affected",
                  "version": "1.53",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/pull/33005\"\u003ehttps://github.com/grpc/grpc/pull/33005\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in\u00a0 https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 \n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-13T15:26:24.636Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/32309"
            },
            {
              "url": "https://github.com/grpc/grpc/pull/33005"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0 \n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information leak in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-32731",
        "datePublished": "2023-06-09T10:54:08.472Z",
        "dateReserved": "2023-05-12T08:58:54.033Z",
        "dateUpdated": "2024-09-26T19:12:06.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32732 (GCVE-0-2023-32732)

    Vulnerability from cvelistv5 – Published: 2023-06-09 10:48 – Updated: 2025-02-13 16:55
    VLAI
    Title
    Denial-of-Service in gRPC
    Summary
    gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-440 - Expected Behavior Violation
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.53 , < 1.54 (custom)
    grpc grpc Affected: 1.53 , < 1.54 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:36.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/pull/32309"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.54",
                    "status": "affected",
                    "version": "1.53",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:59:27.982940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T19:03:12.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.54",
                  "status": "affected",
                  "version": "1.53",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?sa=D\u0026amp;q=https%3A%2F%2Fgithub.com%2Fgrpc%2Fgrpc%2Fpull%2F32309\"\u003ehttps://github.com/grpc/grpc/pull/32309\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\u00a0 https://github.com/grpc/grpc/pull/32309 https://www.google.com/url"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220 Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-440",
                  "description": "CWE-440: Expected Behavior Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-23T02:06:09.201Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/pull/32309"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-32732",
        "datePublished": "2023-06-09T10:48:15.075Z",
        "dateReserved": "2023-05-12T08:58:54.033Z",
        "dateUpdated": "2025-02-13T16:55:01.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1428 (GCVE-0-2023-1428)

    Vulnerability from cvelistv5 – Published: 2023-06-09 10:46 – Updated: 2024-09-26 18:58
    VLAI
    Title
    Denial-of-Service in gRPC
    Summary
    There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: `te: x (x != trailers)`; `:scheme: x (x != http, https)`; `grpclb_client_stats: x (x == anything)`. On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google gRPC Affected: 1.51 , < 1.53 (custom)
    grpc grpc Affected: 1.51.0 , < 1.53.0 (custom)
        cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
    Date Public
    2023-02-28 23:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:49:11.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "grpc",
                "vendor": "grpc",
                "versions": [
                  {
                    "lessThan": "1.53.0",
                    "status": "affected",
                    "version": "1.51.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T18:57:29.444880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T18:58:56.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "gRPC",
              "repo": "https://github.com/grpc/grpc",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "1.53",
                  "status": "affected",
                  "version": "1.51",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-28T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There exists an vulnerability causing an abort() to be called in gRPC.\u0026nbsp;\u003cbr\u003e\u003cp\u003eThe following headers cause gRPC\u0027s C++ implementation to abort() when called via http2:\u003c/p\u003e\u003cp\u003e\u003ccode\u003ete: x (x != trailers)\u003c/code\u003e\u003c/p\u003e\u003cp\u003e\u003ccode\u003e:scheme: x (x != http, https)\u003c/code\u003e\u003c/p\u003e\u003cp\u003e\u003ccode\u003egrpclb_client_stats: x (x == anything)\u003c/code\u003e\u003c/p\u003eOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit\u0026nbsp;2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "There exists an vulnerability causing an abort() to be called in gRPC.\u00a0\nThe following headers cause gRPC\u0027s C++ implementation to abort() when called via http2:\n\nte: x (x != trailers)\n\n:scheme: x (x != http, https)\n\ngrpclb_client_stats: x (x == anything)\n\nOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit\u00a02485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-09T10:46:54.244Z",
            "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
            "shortName": "Google"
          },
          "references": [
            {
              "url": "https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixes available in these releases:\u003cbr\u003e- 1.52.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.52.2\u003c/a\u003e\u003cbr\u003e- 1.53.1: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.53.1\u003c/a\u003e\u003cbr\u003e- 1.54.2: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.54.2\u003c/a\u003e\u003cbr\u003e- 1.55.0: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\"\u003ehttps://github.com/grpc/grpc/releases/tag/v1.55.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Fixes available in these releases:\n- 1.52.2:  https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1:  https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2:  https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0:  https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0 \n\n"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-Service in gRPC",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "assignerShortName": "Google",
        "cveId": "CVE-2023-1428",
        "datePublished": "2023-06-09T10:46:54.244Z",
        "dateReserved": "2023-03-16T10:47:22.037Z",
        "dateUpdated": "2024-09-26T18:58:56.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201908-0264

    Vulnerability from variot - Updated: 2024-07-23 22:07

    Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387).

    Description:

    Both the openshift and atomic-enterprise-service-catalog packages have been rebuilt with updated versions of golang.

    Solution:

    For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.14, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.1/updating/updating-cluster-cli.html.

    Description:

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-nodejs8-nodejs security update
    Advisory ID: RHSA-2019:2955-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2955
    Issue date: 2019-10-02
    CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518
    ====================================================================

    1. Summary:

    An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    3. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1).

    Security Fix(es):

    • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

    • HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

    • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

    • HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)

    • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
    1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

    6. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm

    aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm

    noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm

    ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm

    s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm

    x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm

    noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm

    ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm

    s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm

    x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm

    noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm

    ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm

    s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm

    x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm

    noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm

    ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm

    s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm

    x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm

    noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm

    x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-9515
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/cve/CVE-2019-9517
    https://access.redhat.com/security/cve/CVE-2019-9518
    https://access.redhat.com/security/updates/classification/#important

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    Description:

    Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

    JIRA issues fixed (https://issues.jboss.org/):

    KEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip

    1. Description:

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.

    Solution:

    Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

    JIRA issues fixed (https://issues.jboss.org/):

    JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5
    JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11
    JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7
    JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final
    JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final
    JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10
    JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13
    JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005
    JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17
    JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final
    JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001
    JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17
    JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11
    JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003
    JBEAP-17604 - Tracker bug for the EAP 7.2.5 release for RHEL-7
    JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3
    JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final
    JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final
    JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final
    JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8
    JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1

    1. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    Bug Fix(es):

    • avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)

    • backport json-file logging support to 1.4.2 (BZ#1770176)

    • Selinux won't allow SCTP inter pod communication (BZ#1774382)

    Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.

    The References section of this erratum contains a download link (you must log in to download the update)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0264",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "developer tools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.2"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.1"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.9"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.11"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "openstack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "14"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.1"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.10"
          },
          {
            "model": "single sign-on",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.1.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "cloud insights",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.1"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4.2"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "trident",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.1.2.1",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.0.1.1",
                    "versionStartIncluding": "14.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.1.3.2",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.0.1.1",
                    "versionStartIncluding": "15.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.5.1",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.6.5.1",
                    "versionStartIncluding": "11.6.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "155396"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2019-9514",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160949",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9514",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9514",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9514",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-931",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160949",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9514",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. it exists that Twisted incorrectly validated or sanitized certain\nURIs or HTTP methods. A remote attacker could use this issue to inject\ninvalid characters and possibly perform header injection attacks. \n(CVE-2019-12387). Description:\n\nBoth the openshift and atomic-enterprise-service-catalog packages have been\nrebuilt with updates versions of golang. Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.14, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.1/updating/updating-cluster\n- -cli.html. Description:\n\nGo Toolset provides the Go programming language tools and libraries. Go is\nalternatively known as golang. 
====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nodejs8-nodejs security update\nAdvisory ID:       RHSA-2019:2955-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2955\nIssue date:        2019-10-02\nCVE Names:         CVE-2019-9511 CVE-2019-9512 CVE-2019-9513\n                   CVE-2019-9514 CVE-2019-9515 CVE-2019-9516\n                   CVE-2019-9517 CVE-2019-9518\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs8-nodejs is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). 
\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\naarch64:\nrh-nodejs8-3.0-5.el7.aarch64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm\nrh-nodejs8-runtime-3.0-5.el7.aarch64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nppc64le:\nrh-nodejs8-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm\nrh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm\nrh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs8-3.0-5.el7.s390x.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm\nrh-nodejs8-runtime-3.0-5.el7.s390x.rpm\nrh-nodejs8-scldevel-3.0-5.el7.s390x.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs8-3.0-5.el7.src.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.src.rpm\n\nnoarch:\nrh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm\n\nx86_64:\nrh-nodejs8-3.0-5.el7.x86_64.rpm\nrh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm\nrh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm\nrh-nodejs8-runtime-3.0-5.el7.x86_64.rpm\nrh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. 
JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip\n\n6. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. See the Red Hat JBoss Enterprise\nApplication Platform 7.2.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17604 - Tracker bug for 
the EAP 7.2.5 release for RHEL-7\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)\n\n* backport json-file logging support to 1.4.2 (BZ#1770176)\n\n* Selinux won\u0027t allow SCTP inter pod communication (BZ#1774382)\n\n4. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "155396"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9514",
            "trust": 2.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 2.6
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2019/08/20/1",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/18/8",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158651",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155520",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155484",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155396",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "157741",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155705",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156209",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158095",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156628",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155352",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154135",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155728",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4737",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4332",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4324",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1544",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2619",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4533",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1766",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3152",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0994",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3114",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2071",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4697",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4484",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1427",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4368",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0832",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072128",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "43921",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158650",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160949",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154638",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154444",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155037",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154396",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155704",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "155396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "id": "VAR-201908-0264",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T22:07:30.228000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96615"
          },
          {
            "title": "Red Hat: Important: container-tools:1.0 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194273 - security advisory"
          },
          {
            "title": "Red Hat: Important: go-toolset-1.11 and go-toolset-1.11-golang security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192682 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 3.11 HTTP/2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193906 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift Container Platform 4.1 openshift RPM security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192661 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 4.2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193245 - security advisory"
          },
          {
            "title": "Red Hat: Important: go-toolset:rhel8 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192726 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 4.1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193265 - security advisory"
          },
          {
            "title": "Red Hat: Important: containernetworking-plugins security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200406 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 4.1.20 golang security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193131 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 3.9 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192769 - security advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: golang-1.13: CVE-2019-14809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4f1284fb5317a7db524840483ee9db6f"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 3.10 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192690 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 4.1.18 gRPC security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192861 - security advisory"
          },
          {
            "title": "Red Hat: Important: container-tools:rhel8 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194269 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2019-9514",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-9514"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift Enterprise 4.1.15 gRPC security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192766 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192966 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194045 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194021 - security advisory"
          },
          {
            "title": "Red Hat: Important: OpenShift Container Platform 4.1.14 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192594 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 6 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194018 - security advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7cb587dafb04d397dd392a7f09dec1d9"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2019-9512 CVE-2019-9514 CVE-2019-9515",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=84ba5eefbc1d57b08d1c61852a12e026"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2019-1270",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1270"
          },
          {
            "title": "Debian Security Advisories: DSA-4503-1 golang-1.11 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=99481074beb7ec3119ad722cad3dd9cc"
          },
          {
            "title": "Debian Security Advisories: DSA-4508-1 h2o -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=728a827d177258876055a9107f821dfe"
          },
          {
            "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 7",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194041 - security advisory"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-9514"
          },
          {
            "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 8",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194042 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Single Sign-On 7.3.5 security update on RHEL 6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194040 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194019 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 8 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194020 - security advisory"
          },
          {
            "title": "Red Hat: Important: nodejs:10 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192925 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nodejs8-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192955 - security advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-4520-1 trafficserver -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3b21ecf9ab12cf6e0b56a2ef2ccf56b8"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20194352 - security advisory"
          },
          {
            "title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202565 - security advisory"
          },
          {
            "title": "Apple: SwiftNIO HTTP/2 1.5.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=39f63f0751cdcda5bff86ad147e8e1d5"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-15] go: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-15"
          },
          {
            "title": "Red Hat: Important: rh-nodejs10-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192939 - security advisory"
          },
          {
            "title": "Ubuntu Security Notice: twisted vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4308-1"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-16] go-pie: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-16"
          },
          {
            "title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200727 - security advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
          },
          {
            "title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201445 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200922 - security advisory"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2019-1272",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1272"
          },
          {
            "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory"
          },
          {
            "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
          },
          {
            "title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203197 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Fuse 7.5.0 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193892 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203196 - security advisory"
          },
          {
            "title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
          },
          {
            "title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
          },
          {
            "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
          },
          {
            "title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202067 - security advisory"
          },
          {
            "title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-225"
          },
          {
            "title": "metarget",
            "trust": 0.1,
            "url": "https://github.com/brant-ruan/metarget"
          },
          {
            "title": "Symantec Threat Intelligence Blog",
            "trust": 0.1,
            "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/http-bugs/147405/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.debian.org/security/2019/dsa-4503"
          },
          {
            "trust": 2.6,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.6,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:4019"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:4045"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:4269"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:4273"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3892"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4018"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4020"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4021"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4040"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4041"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4042"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4352"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2661"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2682"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2861"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:3265"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:3906"
          },
          {
            "trust": 1.9,
            "url": "https://usn.ubuntu.com/4308-1/"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/aug/24"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/aug/31"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/aug/43"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/sep/18"
          },
          {
            "trust": 1.8,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.8,
            "url": "https://support.f5.com/csp/article/k01988340"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2019/dsa-4508"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2019/dsa-4520"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2020/dsa-4669"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2019/aug/16"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2594"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2690"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2726"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2766"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2769"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2796"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2966"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:3131"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:3245"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2020:0406"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2020:0727"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-au/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/errata/rhsa-2019:3905"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109787"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109781"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1108515"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109775"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4368/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
          },
          {
            "trust": 0.6,
            "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/43921"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4697/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128279"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3152/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4324/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1168528"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14838"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14843"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k01988340?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/770.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.kb.cert.org/vuls/id/605641"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.1/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14837"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16884"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16884"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "155396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "155396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "date": "2019-09-27T13:02:22",
            "db": "PACKETSTORM",
            "id": "154638"
          },
          {
            "date": "2019-09-11T13:57:29",
            "db": "PACKETSTORM",
            "id": "154444"
          },
          {
            "date": "2019-10-31T14:23:11",
            "db": "PACKETSTORM",
            "id": "155037"
          },
          {
            "date": "2019-09-09T23:02:04",
            "db": "PACKETSTORM",
            "id": "154396"
          },
          {
            "date": "2019-10-02T15:03:59",
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "date": "2019-12-02T19:20:27",
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "date": "2019-11-27T15:43:14",
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "date": "2019-12-17T15:42:47",
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "date": "2020-03-23T15:57:42",
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "date": "2019-11-19T15:17:09",
            "db": "PACKETSTORM",
            "id": "155396"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "date": "2019-08-13T21:15:12.443000",
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160949"
          },
          {
            "date": "2020-12-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9514"
          },
          {
            "date": "2022-07-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          },
          {
            "date": "2023-11-07T03:13:42.390000",
            "db": "NVD",
            "id": "CVE-2019-9514"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-931"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0265

    Vulnerability from variot - Updated: 2024-07-23 22:03

    Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:

    Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Bugs fixed (https://bugzilla.redhat.com/):

    1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs
    1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates
    1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation
    1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console
    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass
    1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
    1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
    1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
    1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package
    1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package
    1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package
    1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.
    1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
    1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
    1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
    1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
    1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
    1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
    1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
    1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.
    1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking
    1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
    1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
    1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
    1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId
    1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
    1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
    1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
    1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
    1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
    1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
    1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
    1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
    1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
    1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
    1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop

    1. Description:

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.

    The References section of this erratum contains a download link (you must log in to download the update).

    The JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/):

    JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5
    JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11
    JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7
    JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final
    JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final
    JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10
    JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13
    JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005
    JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17
    JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final
    JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001
    JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17
    JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11
    JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003
    JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3
    JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final
    JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final
    JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final
    JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8
    JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1

    The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.

    For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1.

    We recommend that you upgrade your trafficserver packages.

    For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    Description:

    Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

    KEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7

    1. Each of these container images includes gRPC, which has been updated with the below fixes. Solution:

    For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.z, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html

    1. Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Important: nodejs:10 security update
    Advisory ID: RHSA-2019:2925-01
    Product: Red Hat Enterprise Linux
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2925
    Issue date: 2019-09-30
    CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518
    =====================================================================

    1. Summary:

    An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    1. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: nodejs (10.16.3).

    Security Fix(es):

    • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

    • HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

    • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

    • HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)

    • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
    1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 8):

    Source:
    nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.src.rpm
    nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm
    nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm

    aarch64:
    nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm
    nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm
    nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm
    nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm
    npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.aarch64.rpm

    noarch:
    nodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda.noarch.rpm
    nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm
    nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm

    ppc64le:
    nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm
    nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm
    nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm
    nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm
    npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.ppc64le.rpm

    s390x:
    nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm
    nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm
    nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm
    nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm
    npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.s390x.rpm

    x86_64:
    nodejs-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm
    nodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm
    nodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm
    nodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm
    nodejs-devel-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm
    npm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-9515
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/cve/CVE-2019-9517
    https://access.redhat.com/security/cve/CVE-2019-9518
    https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0265",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.3.2"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.2.1"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.1.1"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "openstack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "14"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.5.1"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "single sign-on",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.0.1.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.5.1"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.0.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.1.2.1",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "14.0.1.1",
                    "versionStartIncluding": "14.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "13.1.3.2",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "15.0.1.1",
                    "versionStartIncluding": "15.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.5.1",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.6.5.1",
                    "versionStartIncluding": "11.6.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2019-9515",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160950",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9515",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9515",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-932",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160950",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates\n1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation\n1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 
thrift: Endless loop when feed with specific input data\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: 
Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. See the Red Hat JBoss Enterprise\nApplication Platform 7.2.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n6. \n\nThe fixes are too intrusive to backport to the version in the oldstable\ndistribution (stretch). An upgrade to Debian stable (buster) is\nrecommended instead. 
\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u1. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7\n\n7. Each of these container images includes gRPC,\nwhich has been updated with the below fixes. 
Solution:\n\nFor OpenShift Container Platform 4.1 see the following documentation, which\nwill be updated shortly for release 4.1.z, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel\nease-notes.html\n\n4. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: nodejs:10 security update\nAdvisory ID:       RHSA-2019:2925-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2925\nIssue date:        2019-09-30\nCVE Names:         CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 \n                   CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 \n                   CVE-2019-9517 CVE-2019-9518 \n=====================================================================\n\n1. Summary:\n\nAn update for the nodejs:10 module is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. 
\n\nThe following packages have been upgraded to a later upstream version:\nnodejs (10.16.3). \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. 
Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nnodejs-10.16.3-2.module+el8.0.0+4214+49953fda.src.rpm\nnodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm\nnodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm\n\naarch64:\nnodejs-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm\nnodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm\nnodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm\nnodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.aarch64.rpm\nnpm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.aarch64.rpm\n\nnoarch:\nnodejs-docs-10.16.3-2.module+el8.0.0+4214+49953fda.noarch.rpm\nnodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm\nnodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm\n\nppc64le:\nnodejs-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm\nnodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm\nnodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm\nnodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.ppc64le.rpm\nnpm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.ppc64le.rpm\n\ns390x:\nnodejs-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm\nnodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm\nnodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm\nnodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.s390x.rpm\nnpm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.s390x.rpm\n\nx86_64:\nnodejs-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm\nnodejs-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm\nnodejs-debugsource-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm\nnodejs-devel-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm\nnodejs-devel-debuginfo-10.16.3-2.module+el8.0.0+4214+49953fda.x86_64.rpm\nnpm-6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "154222"
          },
          {
            "db": "PACKETSTORM",
            "id": "154430"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9515",
            "trust": 2.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 2.5
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158651",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "154222",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155484",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156830",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158095",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156628",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155352",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155520",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155728",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4737",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4332",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2619",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4533",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1766",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3325",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0994",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3114",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3227",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2071",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4484",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1427",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0832",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072128",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158650",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-160950",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "157741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155480",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154430",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155518",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154475",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "154222"
          },
          {
            "db": "PACKETSTORM",
            "id": "154430"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "id": "VAR-201908-0265",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T22:03:39.695000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96616"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4021"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4041"
          },
          {
            "trust": 2.3,
            "url": "https://www.debian.org/security/2019/dsa-4508"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:3892"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4018"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4019"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4020"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4040"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4042"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4045"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4352"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2766"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/24"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/43"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/sep/18"
          },
          {
            "trust": 1.7,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2019/dsa-4520"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2019/aug/16"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2796"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2861"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2020:0727"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.7,
            "url": "https://usn.ubuntu.com/4308-1/"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-au/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109787"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109781"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1108515"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109775"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3227/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1071852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156830/ubuntu-security-notice-usn-4308-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3325/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154222/debian-security-advisory-4508-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-14838"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11112"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9547"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11113"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10968"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9546"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10672"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-12406"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11619"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10673"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9548"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8840"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10969"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11620"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20330"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11111"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14843"
          },
          {
            "trust": 0.2,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.2,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k50233772?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14060"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14061"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:3196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14062"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12423"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3875"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14832"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:2067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0210"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10199"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10201"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1729"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0205"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/h2o"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/trafficserver"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:1445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14837"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "154222"
          },
          {
            "db": "PACKETSTORM",
            "id": "154430"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "154222"
          },
          {
            "db": "PACKETSTORM",
            "id": "154430"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "date": "2020-07-29T17:52:58",
            "db": "PACKETSTORM",
            "id": "158650"
          },
          {
            "date": "2020-05-18T16:42:53",
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "date": "2019-11-27T15:38:24",
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "date": "2019-08-26T16:13:10",
            "db": "PACKETSTORM",
            "id": "154222"
          },
          {
            "date": "2019-09-10T23:12:17",
            "db": "PACKETSTORM",
            "id": "154430"
          },
          {
            "date": "2020-04-14T15:39:41",
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "date": "2019-12-02T19:20:11",
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "date": "2019-09-12T20:40:57",
            "db": "PACKETSTORM",
            "id": "154475"
          },
          {
            "date": "2020-03-23T15:57:42",
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "date": "2019-09-30T13:33:33",
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "date": "2019-08-13T21:15:12.520000",
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160950"
          },
          {
            "date": "2022-07-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          },
          {
            "date": "2023-11-07T03:13:42.650000",
            "db": "NVD",
            "id": "CVE-2019-9515"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-932"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-0175

    Vulnerability from variot - Updated: 2024-07-23 21:36

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

    Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.

    Description:

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

    Description:

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

    Description:

    nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

    The following data is constructed from data provided by Red Hat's json file at:

    https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json

    Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

    • Packet Storm Staff

    Red Hat Security Advisory

    Synopsis: Important: dotnet6.0 security update
    Advisory ID: RHSA-2023:5710-01
    Product: Red Hat Enterprise Linux
    Advisory URL: https://access.redhat.com/errata/RHSA-2023:5710
    Issue date: 2023-10-16
    Revision: 01
    CVE Names: CVE-2023-44487

    Summary:

    An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    Description:

    .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

    New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.

    Security Fix(es):

    • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Solution:

    https://access.redhat.com/articles/11258

    CVEs:

    CVE-2023-44487

    References:

    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

    Ubuntu Security Notice USN-6754-1, April 25, 2024

    nghttp2 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 23.10
    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
    • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

    Summary:

    Several security issues were fixed in nghttp2.

    Software Description:

    • nghttp2: HTTP/2 C Library and tools

    Details:

    It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

    It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

    It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 23.10:

    • libnghttp2-14 1.55.1-1ubuntu0.2
    • nghttp2 1.55.1-1ubuntu0.2
    • nghttp2-client 1.55.1-1ubuntu0.2
    • nghttp2-proxy 1.55.1-1ubuntu0.2
    • nghttp2-server 1.55.1-1ubuntu0.2

    Ubuntu 22.04 LTS:

    • libnghttp2-14 1.43.0-1ubuntu0.2
    • nghttp2 1.43.0-1ubuntu0.2
    • nghttp2-client 1.43.0-1ubuntu0.2
    • nghttp2-proxy 1.43.0-1ubuntu0.2
    • nghttp2-server 1.43.0-1ubuntu0.2

    Ubuntu 20.04 LTS:

    • libnghttp2-14 1.40.0-1ubuntu0.3
    • nghttp2 1.40.0-1ubuntu0.3
    • nghttp2-client 1.40.0-1ubuntu0.3
    • nghttp2-proxy 1.40.0-1ubuntu0.3
    • nghttp2-server 1.40.0-1ubuntu0.3

    Ubuntu 18.04 LTS (Available with Ubuntu Pro):

    • libnghttp2-14 1.30.0-1ubuntu1+esm2
    • nghttp2 1.30.0-1ubuntu1+esm2
    • nghttp2-client 1.30.0-1ubuntu1+esm2
    • nghttp2-proxy 1.30.0-1ubuntu1+esm2
    • nghttp2-server 1.30.0-1ubuntu1+esm2

    Ubuntu 16.04 LTS (Available with Ubuntu Pro):

    • libnghttp2-14 1.7.1-1ubuntu0.1~esm2
    • nghttp2 1.7.1-1ubuntu0.1~esm2
    • nghttp2-client 1.7.1-1ubuntu0.1~esm2
    • nghttp2-proxy 1.7.1-1ubuntu0.1~esm2
    • nghttp2-server 1.7.1-1ubuntu0.1~esm2

    In general, a standard system update will make all the necessary changes.


    Debian Security Advisory DSA-5558-1
    security@debian.org
    https://www.debian.org/security/
    Markus Koschany
    November 18, 2023
    https://www.debian.org/security/faq

    Package: netty
    CVE ID: CVE-2023-34462 CVE-2023-44487
    Debian Bug: 1038947 1054234

    Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

    CVE-2023-34462

    It might be possible for a remote peer to send a client hello packet during
    a TLS handshake which leads the server to buffer up to 16 MB of data per
    connection. This could lead to an OutOfMemoryError and so result in a denial
    of service.
    This problem is also known as Rapid Reset Attack.
    

    For the oldstable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u2.

    For the stable distribution (bookworm), these problems have been fixed in version 1:4.1.48-7+deb12u1.

    We recommend that you upgrade your netty packages.

    For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "node maintenance operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "go",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "golang",
            "version": "1.21.0"
          },
          {
            "model": "istio",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "istio",
            "version": "1.19.1"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "crosswork zero touch provisioning",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "6.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "integration camel for spring boot",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "windows 10 1809",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.17763.4974"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "advanced cluster security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "expressway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "x14.3.3"
          },
          {
            "model": "ultra cloud core - policy control function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2024.01.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "9.0.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "visual studio 2022",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.6"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "openshift container platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "satellite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "crosswork data gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "4.1.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "nx-os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "10.2\\(7\\)"
          },
          {
            "model": "nginx plus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "r25"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip websafe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "service interconnect",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "fog director",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.22"
          },
          {
            "model": "unified contact center domain manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "asp.net core",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "7.0.12"
          },
          {
            "model": "migration toolkit for applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "crosswork data gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "go",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "golang",
            "version": "1.20.10"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": ".net",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "6.0.23"
          },
          {
            "model": "ultra cloud core - policy control function",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2024.01.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "enterprise chat and email",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "tomcat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.5.93"
          },
          {
            "model": "proxygen",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "2023.10.16.00"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "process automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "build of optaplanner",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "jenkins",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "jenkins",
            "version": "2.427"
          },
          {
            "model": "visual studio 2022",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.7.5"
          },
          {
            "model": "telepresence video communication server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "x14.3.3"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "nginx plus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "r30"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "20.8.1"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "swiftnio http\\/2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.28.0"
          },
          {
            "model": "linkerd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.13.0"
          },
          {
            "model": "caddy",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "caddyserver",
            "version": "2.7.5"
          },
          {
            "model": "tomcat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "10.1.0"
          },
          {
            "model": "astra control center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "fence agents remediation operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "cert-manager operator for red hat openshift",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "advanced cluster management for kubernetes",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "solr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "9.4.0"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "secure web appliance",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip websafe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "3scale api management platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "http",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ietf",
            "version": "2.0"
          },
          {
            "model": "openshift",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "certification for red hat enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "migration toolkit for containers",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": ".net",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "7.0.12"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "visual studio 2022",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.2.20"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "go",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "golang",
            "version": "1.21.3"
          },
          {
            "model": "windows 11 21h2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.22000.2538"
          },
          {
            "model": "jetty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "9.4.53"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "jenkins",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "jenkins",
            "version": "2.414.2"
          },
          {
            "model": "traffic server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.1.9"
          },
          {
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "11.0.0"
          },
          {
            "model": "apisix",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "3.6.1"
          },
          {
            "model": "certification for red hat enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "9.0"
          },
          {
            "model": "big-ip websafe",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "jboss a-mq streams",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "ios xr",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "7.11.2"
          },
          {
            "model": "ultra cloud core - session management function",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2024.02.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "varnish cache",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "varnish cache",
            "version": "2023-10-10"
          },
          {
            "model": "single sign-on",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "windows 10 1607",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.14393.6351"
          },
          {
            "model": "linkerd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.14.1"
          },
          {
            "model": "envoy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "envoyproxy",
            "version": "1.25.9"
          },
          {
            "model": "jboss data grid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0.0"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "12.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "machine deletion remediation operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip websafe",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "visual studio 2022",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.4"
          },
          {
            "model": "nginx plus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "r29"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "grpc",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grpc",
            "version": "1.56.3"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "openresty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openresty",
            "version": "1.21.4.3"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.9.5"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "nginx plus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "r29"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "38"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "windows 10 21h2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.19044.3570"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "istio",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "istio",
            "version": "1.17.6"
          },
          {
            "model": "advanced cluster security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "openstack platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "17.1"
          },
          {
            "model": "windows server 2022",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip websafe",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "cbl-mariner",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2023-10-11"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "traefik",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "traefik",
            "version": "2.10.5"
          },
          {
            "model": "openshift data science",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "node healthcheck operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "openshift gitops",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "data center network manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "openshift container platform assisted installer",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "ultra cloud core - serving gateway function",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2024.02.0"
          },
          {
            "model": "jetty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "12.0.2"
          },
          {
            "model": "opensearch data prepper",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "amazon",
            "version": "2.5.0"
          },
          {
            "model": "prime network registrar",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "11.2"
          },
          {
            "model": "nx-os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "10.3\\(5\\)"
          },
          {
            "model": "linkerd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.13.1"
          },
          {
            "model": "big-ip next service proxy for kubernetes",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.5.0"
          },
          {
            "model": "openshift serverless",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "http2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "golang",
            "version": "0.17.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "istio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "istio",
            "version": "1.18.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "oncommand insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "jboss fuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "18.0.0"
          },
          {
            "model": "traefik",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "traefik",
            "version": "3.0.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "windows 10 22h2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.19045.3570"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "akka",
            "version": "10.5.3"
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "ansible automation platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "model": "envoy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "envoyproxy",
            "version": "1.24.10"
          },
          {
            "model": "http2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "kazu yamamoto",
            "version": "4.2.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "cryostat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "model": "openshift distributed tracing",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "unified contact center management portal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "kong gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "konghq",
            "version": "3.4.2"
          },
          {
            "model": "istio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "istio",
            "version": "1.19.0"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "tomcat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.5.0"
          },
          {
            "model": "support for spring boot",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "jboss fuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0.0"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "windows server 2016",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip websafe",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "grpc",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "grpc",
            "version": "1.58.0"
          },
          {
            "model": "build of quarkus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "logging subsystem for red hat openshift",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "jetty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "11.0.17"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "cost management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "service telemetry framework",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.5"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "visual studio 2022",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.6.8"
          },
          {
            "model": "secure malware analytics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.19.2"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linkerd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.14.0"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "windows 11 22h2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "10.0.22621.2428"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "decision manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "model": "grpc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "grpc",
            "version": "1.59.2"
          },
          {
            "model": "nghttp2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nghttp2",
            "version": "1.57.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "grpc",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "grpc",
            "version": "1.58.3"
          },
          {
            "model": "openstack platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "16.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "prime cable provisioning",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "7.2.1"
          },
          {
            "model": "visual studio 2022",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.0"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "tomcat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "9.0.0"
          },
          {
            "model": "openshift virtualization",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "openshift secondary scheduler operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "linkerd",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.12.0"
          },
          {
            "model": "openshift api for data protection",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip global traffic manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "18.18.2"
          },
          {
            "model": "jboss a-mq",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "37"
          },
          {
            "model": "prime access registrar",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "9.3.3"
          },
          {
            "model": "unified contact center enterprise - live data server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "12.6.2"
          },
          {
            "model": "networking",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "golang",
            "version": "0.17.0"
          },
          {
            "model": "armeria",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "linecorp",
            "version": "1.26.0"
          },
          {
            "model": "big-ip websafe",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip next",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "20.0.1"
          },
          {
            "model": "ios xe",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "17.15.1"
          },
          {
            "model": "nx-os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "10.3\\(1\\)"
          },
          {
            "model": "openstack platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "16.1"
          },
          {
            "model": "grpc",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "grpc",
            "version": "1.57.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "openshift dev spaces",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "jetty",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "12.0.0"
          },
          {
            "model": "big-ip analytics",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "prime infrastructure",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "3.10.4"
          },
          {
            "model": "h2o",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dena",
            "version": "2023-10-10"
          },
          {
            "model": "nginx ingress controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "3.0.0"
          },
          {
            "model": "openshift pipelines",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "jetty",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "10.0.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0.0"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "istio",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "istio",
            "version": "1.18.3"
          },
          {
            "model": "big-ip websafe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "secure dynamic attributes connector",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.0"
          },
          {
            "model": "big-ip websafe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "ceph storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "5.0"
          },
          {
            "model": "run once duration override operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip local traffic manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "integration camel k",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "visual studio 2022",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.7"
          },
          {
            "model": "big-ip carrier-grade nat",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "envoy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "envoyproxy",
            "version": "1.27.0"
          },
          {
            "model": "nginx ingress controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "2.4.2"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "integration service registry",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "firepower threat defense",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "7.4.2"
          },
          {
            "model": "big-ip analytics",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "20.0.0"
          },
          {
            "model": "tomcat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "9.0.80"
          },
          {
            "model": "iot field network director",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "4.11.0"
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "asp.net core",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "6.0.0"
          },
          {
            "model": "migration toolkit for virtualization",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip link controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip ssl orchestrator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "big-ip fraud protection service",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": ".net",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "6.0.0"
          },
          {
            "model": "jetty",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "11.0.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "unified attendant console advanced",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "big-ip advanced web application firewall",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "web terminal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "traffic server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "9.2.3"
          },
          {
            "model": "windows server 2019",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "linkerd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "linkerd",
            "version": "2.12.5"
          },
          {
            "model": "jetty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "eclipse",
            "version": "10.0.17"
          },
          {
            "model": "network observability operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "visual studio 2022",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "17.4.12"
          },
          {
            "model": "azure kubernetes service",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2023-10-08"
          },
          {
            "model": "openshift sandboxed containers",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "big-ip domain name system",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "tomcat",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "10.1.13"
          },
          {
            "model": "big-ip application visibility and reporting",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip application acceleration manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip application security manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.1.0"
          },
          {
            "model": "big-ip next service proxy for kubernetes",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.8.2"
          },
          {
            "model": "asp.net core",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "7.0.0"
          },
          {
            "model": "big-ip ddos hybrid defender",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "nginx ingress controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "2.0.0"
          },
          {
            "model": "asp.net core",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "6.0.23"
          },
          {
            "model": "openshift developer tools and services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "connected mobile experiences",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "11.1"
          },
          {
            "model": "nginx ingress controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "3.3.0"
          },
          {
            "model": ".net",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "7.0.0"
          },
          {
            "model": "contour",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "projectcontour",
            "version": "2023-10-11"
          },
          {
            "model": "big-ip policy enforcement manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.4"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "self node remediation operator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "9.0"
          },
          {
            "model": "nginx",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.25.2"
          },
          {
            "model": "big-ip advanced firewall manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.10"
          },
          {
            "model": "envoy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "envoyproxy",
            "version": "1.26.4"
          },
          {
            "model": "netty",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "netty",
            "version": "4.1.100"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.57.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.0.2",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.0.17",
                    "versionStartIncluding": "11.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.17",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.4.53",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.7.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.17.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.21.3",
                    "versionStartIncluding": "1.21.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.20.10",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.17.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.1.5",
                    "versionStartIncluding": "13.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1.5",
                    "versionStartIncluding": "14.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.1.10",
                    "versionStartIncluding": "15.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.1.4",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "r29",
                    "versionStartIncluding": "r25",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.8.2",
                    "versionStartIncluding": "1.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.2",
                    "versionStartIncluding": "1.9.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.4.2",
                    "versionStartIncluding": "2.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3.0",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.80",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.5.93",
                    "versionStartIncluding": "8.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.1.13",
                    "versionStartIncluding": "10.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.28.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.58.3",
                    "versionStartIncluding": "1.58.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.56.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.59.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.19045.3570",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.17763.4974",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.22000.2538",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.22621.2428",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.14393.6351",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.14393.6351",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.0.12",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.0.19044.3570",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.7.5",
                    "versionStartIncluding": "17.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.6.8",
                    "versionStartIncluding": "17.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.4.12",
                    "versionStartIncluding": "17.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.2.20",
                    "versionStartIncluding": "17.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.0.23",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.0.12",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.0.23",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023-10-08",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.18.2",
                    "versionStartIncluding": "18.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.8.1",
                    "versionStartIncluding": "20.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023-10-11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023-10-10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023.10.16.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.2.3",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.1.9",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.6.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.2.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.19.1",
                    "versionStartIncluding": "1.19.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.18.3",
                    "versionStartIncluding": "1.18.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.17.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023-10-10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.10.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2023-10-11",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.12.5",
                    "versionStartIncluding": "2.12.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.26.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.5.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.4.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.427",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.414.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.4.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.21.4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.10.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.19.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.4.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.22",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "17.15.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.3.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.11.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.11.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.1.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "x14.3.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "x14.3.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.6.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2024.02.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2024.02.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2024.01.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "15.1.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "10.2\\(7\\)",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "10.3\\(5\\)",
                        "versionStartIncluding": "10.3\\(1\\)",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "10.2\\(7\\)",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "10.3\\(5\\)",
                        "versionStartIncluding": "10.3\\(1\\)",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "db": "PACKETSTORM",
            "id": "175376"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2023-44487",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-44487",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. \n\n\n\n\nDescription:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. 
\n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Important: dotnet6.0 security update\nAdvisory ID:        RHSA-2023:5710-01\nProduct:            Red Hat Enterprise Linux\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5710\nIssue date:         2023-10-16\nRevision:           01\nCVE Names:          CVE-2023-44487\n====================================================================\n\nSummary: \n\nAn update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. 
==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. 
(CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   libnghttp2-14                   1.55.1-1ubuntu0.2\n   nghttp2                         1.55.1-1ubuntu0.2\n   nghttp2-client                  1.55.1-1ubuntu0.2\n   nghttp2-proxy                   1.55.1-1ubuntu0.2\n   nghttp2-server                  1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n   libnghttp2-14                   1.43.0-1ubuntu0.2\n   nghttp2                         1.43.0-1ubuntu0.2\n   nghttp2-client                  1.43.0-1ubuntu0.2\n   nghttp2-proxy                   1.43.0-1ubuntu0.2\n   nghttp2-server                  1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n   libnghttp2-14                   1.40.0-1ubuntu0.3\n   nghttp2                         1.40.0-1ubuntu0.3\n   nghttp2-client                  1.40.0-1ubuntu0.3\n   nghttp2-proxy                   1.40.0-1ubuntu0.3\n   nghttp2-server                  1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.30.0-1ubuntu1+esm2\n   nghttp2                         1.30.0-1ubuntu1+esm2\n   nghttp2-client                  1.30.0-1ubuntu1+esm2\n   nghttp2-proxy                   1.30.0-1ubuntu1+esm2\n   nghttp2-server                  1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.7.1-1ubuntu0.1~esm2\n   nghttp2                         1.7.1-1ubuntu0.1~esm2\n   nghttp2-client                  1.7.1-1ubuntu0.1~esm2\n   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm2\n   nghttp2-server                  1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5558-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nNovember 18, 2023                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : netty\nCVE ID         : CVE-2023-34462 CVE-2023-44487\nDebian Bug     : 1038947 1054234\n\nTwo security vulnerabilities have been discovered in Netty, a Java NIO\nclient/server socket framework. \n\nCVE-2023-34462\n\n    It might be possible for a remote peer to send a client hello packet during\n    a TLS handshake which lead the server to buffer up to 16 MB of data per\n    connection. This could lead to a OutOfMemoryError and so result in a denial\n    of service. \n    This problem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:4.1.48-4+deb11u2. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 1:4.1.48-7+deb12u1. \n\nWe recommend that you upgrade your netty packages. 
\n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          },
          {
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "PACKETSTORM",
            "id": "175875"
          },
          {
            "db": "PACKETSTORM",
            "id": "175807"
          },
          {
            "db": "PACKETSTORM",
            "id": "175376"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487",
            "trust": 1.9
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/18/8",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/10/6",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/19/6",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/18/4",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/13/4",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/13/9",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/10/20/8",
            "trust": 1.0
          },
          {
            "db": "PACKETSTORM",
            "id": "175239",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175234",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175230",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175126",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175160",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175875",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175807",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "175376",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "PACKETSTORM",
            "id": "175875"
          },
          {
            "db": "PACKETSTORM",
            "id": "175807"
          },
          {
            "db": "PACKETSTORM",
            "id": "175376"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "id": "VAR-202310-0175",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.465728264
      },
      "last_update_date": "2024-07-23T21:36:24.758000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
          },
          {
            "trust": 1.0,
            "url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
          },
          {
            "trust": 1.0,
            "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
          },
          {
            "trust": 1.0,
            "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
          },
          {
            "trust": 1.0,
            "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
          },
          {
            "trust": 1.0,
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
          },
          {
            "trust": 1.0,
            "url": "https://blog.vespa.ai/cve-2023-44487/"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
          },
          {
            "trust": 1.0,
            "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
          },
          {
            "trust": 1.0,
            "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
          },
          {
            "trust": 1.0,
            "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
          },
          {
            "trust": 1.0,
            "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
          },
          {
            "trust": 1.0,
            "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
          },
          {
            "trust": 1.0,
            "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
          },
          {
            "trust": 1.0,
            "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
          },
          {
            "trust": 1.0,
            "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/azure/aks/issues/3947"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/kong/kong/discussions/11741"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/akka/akka-http/issues/4323"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/alibaba/tengine/issues/1872"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/apache/apisix/issues/10320"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/apache/httpd-site/pull/10"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/apache/trafficserver/pull/10564"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/bcdannyboy/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/caddyserver/caddy/issues/5877"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/dotnet/announcements/issues/277"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/eclipse/jetty.project/issues/10679"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/envoyproxy/envoy/pull/30055"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/etcd-io/etcd/issues/16740"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/facebook/proxygen/pull/466"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/golang/go/issues/63417"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/grpc/grpc-go/pull/6703"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/h2o/h2o/pull/3291"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/haproxy/haproxy/issues/2312"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/kazu-yamamoto/http2/issues/93"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/kubernetes/kubernetes/pull/121120"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/line/armeria/pull/5232"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/micrictor/http2-rst-stream"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/microsoft/cbl-mariner/pull/6381"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/nghttp2/nghttp2/pull/1961"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/ninenines/cowboy/issues/1615"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/nodejs/node/pull/50121"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/openresty/openresty/issues/930"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/projectcontour/contour/pull/5826"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
          },
          {
            "trust": 1.0,
            "url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
          },
          {
            "trust": 1.0,
            "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
          },
          {
            "trust": 1.0,
            "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
          },
          {
            "trust": 1.0,
            "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
          },
          {
            "trust": 1.0,
            "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
          },
          {
            "trust": 1.0,
            "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
          },
          {
            "trust": 1.0,
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://my.f5.com/manage/s/article/k000137106"
          },
          {
            "trust": 1.0,
            "url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
          },
          {
            "trust": 1.0,
            "url": "https://news.ycombinator.com/item?id=37830987"
          },
          {
            "trust": 1.0,
            "url": "https://news.ycombinator.com/item?id=37830998"
          },
          {
            "trust": 1.0,
            "url": "https://news.ycombinator.com/item?id=37831062"
          },
          {
            "trust": 1.0,
            "url": "https://news.ycombinator.com/item?id=37837043"
          },
          {
            "trust": 1.0,
            "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
          },
          {
            "trust": 1.0,
            "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
          },
          {
            "trust": 1.0,
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          },
          {
            "trust": 1.0,
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          },
          {
            "trust": 1.0,
            "url": "https://security.paloaltonetworks.com/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
          },
          {
            "trust": 1.0,
            "url": "https://ubuntu.com/security/cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5521"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5540"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5549"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5558"
          },
          {
            "trust": 1.0,
            "url": "https://www.debian.org/security/2023/dsa-5570"
          },
          {
            "trust": 1.0,
            "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
          },
          {
            "trust": 1.0,
            "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
          },
          {
            "trust": 1.0,
            "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
          },
          {
            "trust": 1.0,
            "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
          },
          {
            "trust": 1.0,
            "url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
          },
          {
            "trust": 1.0,
            "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5945.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.10.4"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:5945"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5928.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:5928"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:5922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:5766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:5710"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6754-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6505-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.52.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34462"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/netty"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:6105"
          }
        ],
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "PACKETSTORM",
            "id": "175875"
          },
          {
            "db": "PACKETSTORM",
            "id": "175807"
          },
          {
            "db": "PACKETSTORM",
            "id": "175376"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "PACKETSTORM",
            "id": "175875"
          },
          {
            "db": "PACKETSTORM",
            "id": "175807"
          },
          {
            "db": "PACKETSTORM",
            "id": "175376"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-10-20T14:34:30",
            "db": "PACKETSTORM",
            "id": "175239"
          },
          {
            "date": "2023-10-20T14:33:16",
            "db": "PACKETSTORM",
            "id": "175234"
          },
          {
            "date": "2023-10-20T14:32:33",
            "db": "PACKETSTORM",
            "id": "175230"
          },
          {
            "date": "2023-10-17T15:39:55",
            "db": "PACKETSTORM",
            "id": "175126"
          },
          {
            "date": "2023-10-18T16:23:08",
            "db": "PACKETSTORM",
            "id": "175160"
          },
          {
            "date": "2024-04-26T15:13:40",
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "date": "2023-11-22T16:28:02",
            "db": "PACKETSTORM",
            "id": "175875"
          },
          {
            "date": "2023-11-20T16:25:51",
            "db": "PACKETSTORM",
            "id": "175807"
          },
          {
            "date": "2023-10-27T12:55:12",
            "db": "PACKETSTORM",
            "id": "175376"
          },
          {
            "date": "2023-10-10T14:15:10.883000",
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-06-27T18:34:22.110000",
            "db": "NVD",
            "id": "CVE-2023-44487"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "PACKETSTORM",
            "id": "175875"
          }
        ],
        "trust": 0.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat Security Advisory 2023-5945-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "175239"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201908-0422

    Vulnerability from variot - Updated: 2024-07-23 20:58

    Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. The HTTP/2 implementations used in Apple SwiftNIO, Apache Traffic Server, and Debian GNU/Linux contain a resource exhaustion vulnerability that may lead to service interruption (DoS). HTTP/2 is the second version of the Hypertext Transfer Protocol, which is mainly used for communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service.

    Bugs fixed (https://bugzilla.redhat.com/):

    1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs
    1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates
    1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation
    1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console
    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass
    1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
    1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
    1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
    1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package
    1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package
    1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package
    1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.
    1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
    1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
    1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
    1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
    1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
    1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
    1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
    1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.
    1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking
    1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
    1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
    1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
    1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId
    1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
    1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
    1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
    1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
    1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
    1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
    1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
    1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
    1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
    1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
    1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop

    1. Description:

    The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

    The References section of this erratum contains a download link (you must log in to download the update).

    The JBoss server process must be restarted for the update to take effect.

    JIRA issues fixed (https://issues.jboss.org/):

    KEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip


    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update
    Advisory ID: RHSA-2019:4019-01
    Product: Red Hat JBoss Enterprise Application Platform
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:4019
    Issue date: 2019-11-26
    CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-14838 CVE-2019-14843
    ====================================================================

    1. Summary:

    An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64

    3. Description:

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    • undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

    • undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

    • undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

    • wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)

    • wildfly: wildfly-security-manager: security manager authorization bypass (CVE-2019-14843)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
    1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass

    6. JIRA issues fixed (https://issues.jboss.org/):

    JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5
    JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11
    JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7
    JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final
    JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final
    JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10
    JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13
    JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005
    JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17
    JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final
    JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001
    JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17
    JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11
    JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003
    JBEAP-17604 - Tracker bug for the EAP 7.2.5 release for RHEL-7
    JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3
    JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final
    JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final
    JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final
    JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8
    JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1

    7. Package List:

    Red Hat JBoss EAP 7.2 for RHEL 7 Server:

    Source: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.src.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.src.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.src.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.src.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.src.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.src.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.src.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el7eap.src.rpm

    noarch: eap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.noarch.rpm eap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.noarch.rpm eap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm 
eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm 
eap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm eap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm eap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm 
eap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-yasson-1.0.5-1.redhat_00001.1.el7eap.noarch.rpm

    x86_64: eap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    8. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-9515
    https://access.redhat.com/security/cve/CVE-2019-14838
    https://access.redhat.com/security/cve/CVE-2019-14843
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/
    https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

    9. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    1. Description:

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

    Bug Fix(es):

    • avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)

    • backport json-file logging support to 1.4.2 (BZ#1770176)

    • Selinux won't allow SCTP inter pod communication (BZ#1774382)

    • Summary:

    This is a security update for JBoss EAP Continuous Delivery 18.0. Description:

    Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

    KEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7

    Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests
    1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
    1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests
    1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip
    1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests
    1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
    1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
    1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service
    1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes
    1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0422",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          },
          {
            "model": "traffic server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2019-9512",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9512",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160947",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9512",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9512",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9512",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-925",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160947",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Apple SwiftNI , Apache Traffic Server , Debian GNU/Linux Used in HTTP/2 Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Bugs fixed (https://bugzilla.redhat.com/):\n\n1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs\n1690628 - CVE-2019-3875 keycloak: missing signatures validation on CRL used to verify client certificates\n1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation\n1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, 
\u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between 
serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments\n1816175 - CVE-2019-12419 cxf: OpenId Connect token service does not properly validate the clientId\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n5. Description:\n\nThe Container Network Interface (CNI) project consists of a specification\nand libraries for writing plug-ins for configuring network interfaces in\nLinux containers, along with a number of supported plug-ins. CNI concerns\nitself only with network connectivity of containers and removing allocated\nresources when the container is deleted. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 
\n\nThe JBoss server process must be restarted for the update to take effect. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11792 - keycloak-spring-boot-2-adapter is missing from Red Hat maven and incremental client adapter zip\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.2.5 on RHEL 7 security update\nAdvisory ID:       RHSA-2019:4019-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:4019\nIssue date:        2019-11-26\nCVE Names:         CVE-2019-9511 CVE-2019-9512 CVE-2019-9514\n                   CVE-2019-9515 CVE-2019-14838 CVE-2019-14843\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.2.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: large amount of data requests leads to denial of\nservice (CVE-2019-9511)\n\n* undertow: HTTP/2: flood using PING frames results in unbounded memory\ngrowth (CVE-2019-9512)\n\n* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory\ngrowth (CVE-2019-9514)\n\n* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory\ngrowth (CVE-2019-9515)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* wildfly: wildfly-security-manager: security manager authorization bypass\n(CVE-2019-14843)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and \u0027Deployer\u0027 user by default\n1752980 - CVE-2019-14843 wildfly-security-manager: security manager authorization bypass\n\n6. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17604 - Tracker bug for the EAP 7.2.5 release for RHEL-7\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server:\n\nSource:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.src.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.src.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.src.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.13-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.src.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.src.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.src.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.src.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.17-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.src.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-apache-cxf-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-rt-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-services-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-tools-3.2.10-1.redhat_00001.1.el7eap.noarch.rpm\neap7-byte-buddy-1.9.11-1.redhat_00002.1.el7eap.noarch.rpm\neap7-glassfish-jsf-2.3.5-5.SP3_redhat_00003.1.el7eap.noarch.rpm\neap7-hal-console-3.0.17-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hi
bernate-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-msc-1.4.11-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-remoting-5.0.16-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jbo
ss-server-migration-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-6.Final_redhat_00006.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.7.6-2.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-picketbox-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-6.Final_redhat_00005.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-20.SP12_redhat_00009.1.el7eap.n
oarch.rpm\neap7-picketlink-idm-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-20.SP12_redhat_00009.1.el7eap.noarch.rpm\neap7-resteasy-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-7.SP7_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.26-2.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.6.5-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.4-1.Final_redhat_00001.1.e
l7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.17-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.2.5-4.GA_redhat_00002.1.el7eap.noarch.rpm\neap7-wildfly-openssl-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.8-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-yasson-1.0.5-1.redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-linux-x86_64-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm\neap7-wildfly-openssl-linux-x86_64-debuginfo-1.0.8-5.Final_redhat_00001.1.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-14838\nhttps://access.redhat.com/security/cve/CVE-2019-14843\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. 
More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe container-tools module contains tools for working with containers,\nnotably podman, buildah, skopeo, and runc. \n\nBug Fix(es):\n\n* avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)\n\n* backport json-file logging support to 1.4.2 (BZ#1770176)\n\n* Selinux won\u0027t allow SCTP inter pod communication (BZ#1774382)\n\n4. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0. 
Description:\n\nRed Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nKEYCLOAK-11816 - Tracker bug for the RH-SSO 7.3.5 release for RHEL7\n\n7. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9512",
            "trust": 3.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 3.3
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2019/08/20/1",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156209",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93696206",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98433488",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155396",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155705",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158651",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157741",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155520",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155484",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158095",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156628",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155352",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154135",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155728",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4737",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4332",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4324",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2619",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4533",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1766",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3152",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0994",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3114",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2071",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4697",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4484",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1427",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4368",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0832",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "43919",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072128",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155024",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154430",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154888",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154444",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154396",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "158650",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154525",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154222",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154475",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155037",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154638",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154058",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154425",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160947",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155480",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155704",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155518",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "id": "VAR-201908-0422",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:58:10.670000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-4503",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2019/dsa-4503"
          },
          {
            "title": "SwiftNIO",
            "trust": 0.8,
            "url": "https://github.com/apple/swift-nio"
          },
          {
            "title": "[ANNOUNCE] Apache Traffic Server is vulnerable to various HTTP/2 attacks (3921083)",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
          },
          {
            "title": "[ANNOUNCE] Apache Traffic Server is vulnerable to various HTTP/2 attacks (ad3d01e)",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "title": "[ANNOUNCE] Apache Traffic Server is vulnerable to various HTTP/2 attacks (bde5230)",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
          },
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96610"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://www.debian.org/security/2019/dsa-4503"
          },
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.5,
            "url": "https://seclists.org/bugtraq/2019/aug/24"
          },
          {
            "trust": 2.5,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4019"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4021"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4041"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4045"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4269"
          },
          {
            "trust": 2.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:3892"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4018"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4020"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4040"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4042"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4273"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:4352"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2020:0406"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/31"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/43"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/sep/18"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://support.f5.com/csp/article/k98053339"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2019/dsa-4508"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2019/dsa-4520"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2019/aug/16"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2594"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2661"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2682"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2690"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2726"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2766"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2769"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2796"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2861"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2966"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:3131"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:3245"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:3265"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:3906"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2020:0727"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
          },
          {
            "trust": 1.7,
            "url": "https://usn.ubuntu.com/4308-1/"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.4,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98433488/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93696206/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-14838"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-au/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/errata/rhsa-2019:3905"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109787"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109781"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1108515"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109775"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4368/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0994/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4484/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/43919"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4697/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128279"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3152/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4324/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4533/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1168528"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14843"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11619"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-11620"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14837"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14837"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k98053339?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11112"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3875"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11113"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10968"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14832"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9546"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:2067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0210"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10199"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12406"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10201"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9548"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1729"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10969"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12419"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0205"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11111"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9547"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14820"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16884"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16884"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:2565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3805"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19343"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10184"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3888"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0983"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14379"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "date": "2020-05-18T16:42:53",
            "db": "PACKETSTORM",
            "id": "157741"
          },
          {
            "date": "2020-02-05T18:34:34",
            "db": "PACKETSTORM",
            "id": "156209"
          },
          {
            "date": "2019-11-27T15:38:24",
            "db": "PACKETSTORM",
            "id": "155480"
          },
          {
            "date": "2019-12-02T19:20:27",
            "db": "PACKETSTORM",
            "id": "155520"
          },
          {
            "date": "2019-11-27T15:43:14",
            "db": "PACKETSTORM",
            "id": "155484"
          },
          {
            "date": "2020-04-14T15:39:41",
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "date": "2019-12-17T15:42:47",
            "db": "PACKETSTORM",
            "id": "155704"
          },
          {
            "date": "2020-06-16T00:54:44",
            "db": "PACKETSTORM",
            "id": "158095"
          },
          {
            "date": "2019-12-02T19:20:11",
            "db": "PACKETSTORM",
            "id": "155518"
          },
          {
            "date": "2020-03-27T13:16:40",
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "date": "2019-08-13T21:15:12.287000",
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160947"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008112"
          },
          {
            "date": "2022-07-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          },
          {
            "date": "2023-11-07T03:13:41.880000",
            "db": "NVD",
            "id": "CVE-2019-9512"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-925"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0261

    Vulnerability from variot - Updated: 2024-07-23 20:56

    Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service.

    Description:

    Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.

    The References section of this erratum contains a download link (you must log in to download the update).

    Description:

    Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

    It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

    Description:

    Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

    This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

    Solution:

    To install this update, do the following:

    1. Download the Data Grid 7.3.3 server patch from the customer portal.
    2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
    3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions.
    4. Restart Data Grid to ensure the changes take effect.

    The purpose of this text-only errata is to inform you about the security issues fixed in this release.

    APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0

    SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:

    SwiftNIO HTTP/2
    Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later
    Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion
    Description: This issue was addressed with improved buffer size management.
    CVE-2019-9512: Jonathan Looney of Netflix
    CVE-2019-9514: Jonathan Looney of Netflix
    CVE-2019-9515: Jonathan Looney of Netflix
    CVE-2019-9516: Jonathan Looney of Netflix

    SwiftNIO HTTP/2
    Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later
    Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns
    Description: This issue was addressed with improved input validation.
    CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team

    Installation note:

    SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0.

    Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

    =====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-nodejs10-nodejs security update
    Advisory ID: RHSA-2019:2939-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2939
    Issue date: 2019-09-30
    CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518
    =====================================================================

    1. Summary:

    An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    1. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3).

    Security Fix(es):

    • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

    • HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

    • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

    • HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)

    • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm

    aarch64: rh-nodejs10-3.2-3.el7.aarch64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm rh-nodejs10-runtime-3.2-3.el7.aarch64.rpm rh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm

    noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm

    ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm

    s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm

    x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm

    noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm

    ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm

    s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm

    x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm

    noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm

    ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm

    s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm

    x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm

    noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm

    ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm

    s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm

    x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm

    noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm

    x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-9515
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/cve/CVE-2019-9517
    https://access.redhat.com/security/cve/CVE-2019-9518
    https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0261",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          }
        ],
        "trust": 1.5
      },
      "cve": "CVE-2019-9518",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160953",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9518",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9518",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-940",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160953",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. 
\n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0\n\nSwiftNIO HTTP/2 1.5.0 is now available and addresses the following:\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume unbounded amounts of memory when\nreceiving certain traffic patterns and eventually suffer resource\nexhaustion\nDescription: This issue was addressed with improved buffer size\nmanagement. \nCVE-2019-9512: Jonathan Looney of Netflix\nCVE-2019-9514: Jonathan Looney of Netflix\nCVE-2019-9515: Jonathan Looney of Netflix\nCVE-2019-9516: Jonathan Looney of Netflix\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume excessive CPU resources when\nreceiving certain traffic patterns\nDescription: This issue was addressed with improved input validation. \nCVE-2019-9518: Piotr Sikora of Google, Envoy Security Team\n\nInstallation note:\n\nSwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222 and\nhttps://github.com/apple/swift-nio-http2/releases/tag/1.5.0. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rh-nodejs10-nodejs security update\nAdvisory ID:       RHSA-2019:2939-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2939\nIssue date:        2019-09-30\nCVE Names:         CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 \n                   CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 \n                   CVE-2019-9517 CVE-2019-9518 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nodejs10-nodejs is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "154058"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9518",
            "trust": 2.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 2.5
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "158651",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155728",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155352",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156628",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0832",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2619",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4343",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1427",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4586",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4332",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4737",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3325",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3412",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3114",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "43922",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072128",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158650",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160953",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154058",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154693",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "154058"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "id": "VAR-201908-0261",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:56:58.444000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=96623"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3892"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:4352"
          },
          {
            "trust": 2.3,
            "url": "https://www.debian.org/security/2019/dsa-4520"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2020:0727"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/24"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/sep/18"
          },
          {
            "trust": 1.7,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2019/aug/16"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/csp/article/k46011592"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3ccommits.cassandra.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3ccommits.cassandra.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.9,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.9,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3ccommits.cassandra.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3ccommits.cassandra.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3cannounce.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3cdev.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3cusers.trafficserver.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-au/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109787"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109781"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1108515"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1109775"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/43922"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3325/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3412/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-10173"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0201"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-12384"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10184"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-3888"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10174"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14379"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0204"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-19360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-8034"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000850"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11796"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-19362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1131"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-12023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-12022"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11775"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14860"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-17485"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-15095"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-8009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11307"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-19361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11112"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9547"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11113"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10968"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9546"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14060"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13990"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12406"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:3197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14061"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1718"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9548"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14062"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10969"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11620"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12423"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11111"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:1445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10212"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3805"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0983"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/apple/swift-nio-http2/releases/tag/1.5.0."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0922"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "154058"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "154058"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "date": "2019-12-19T22:07:40",
            "db": "PACKETSTORM",
            "id": "155728"
          },
          {
            "date": "2019-11-15T16:16:10",
            "db": "PACKETSTORM",
            "id": "155352"
          },
          {
            "date": "2020-07-29T17:53:05",
            "db": "PACKETSTORM",
            "id": "158651"
          },
          {
            "date": "2019-10-02T15:03:59",
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "date": "2020-04-14T15:39:41",
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "date": "2020-03-05T14:41:17",
            "db": "PACKETSTORM",
            "id": "156628"
          },
          {
            "date": "2020-03-27T13:16:40",
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "date": "2019-08-14T22:22:22",
            "db": "PACKETSTORM",
            "id": "154058"
          },
          {
            "date": "2020-03-23T15:57:42",
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "date": "2019-09-30T22:22:22",
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "date": "2019-08-13T21:15:13.003000",
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160953"
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          },
          {
            "date": "2023-11-07T03:13:43.380000",
            "db": "NVD",
            "id": "CVE-2019-9518"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-940"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0266

    Vulnerability from variot - Updated: 2024-07-23 20:13

    Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2, as used in products such as Apple SwiftNIO, contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates.

    For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.

    For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.

    We recommend that you upgrade your nginx packages.

    For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    Description:

    This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-nginx110-nginx security update
    Advisory ID: RHSA-2019:2745-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2745
    Issue date: 2019-09-12
    CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
    ====================================================================

    1. Summary:

    An update for rh-nginx110-nginx is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    3. Description:

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

    Security Fix(es):

    • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The rh-nginx110-nginx service must be restarted for this update to take effect.

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption
    1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service
    1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service

    6. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

    Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

    Source: rh-nginx110-nginx-1.10.2-9.el6.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nginx110-nginx-1.10.2-9.el7.1.src.rpm

    x86_64: rh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm rh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/updates/classification/#important

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

    JIRA issues fixed (https://issues.jboss.org/):

    JBCS-826 - Rebase nghttp2 to 1.39.2

    1. 8) - aarch64, noarch, ppc64le, s390x, x86_64

    2. Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

    Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link (you must log in to download the update).

    7) - noarch, x86_64

    1. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3)

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0266",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "nginx",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.2"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.9.5"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "nginx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.16.1"
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          },
          {
            "model": "traffic server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": "diskstation manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "skynas",
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "vs960hd",
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "versionStartIncluding": "1.9.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.17.2",
                    "versionStartIncluding": "1.17.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2019-9516",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9516",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160951",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-9516",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9516",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9516",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9516",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-9516",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-938",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160951",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9516",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 as used in products such as Apple SwiftNIO contains a resource exhaustion vulnerability. The affected service may be put into a denial-of-service (DoS) state. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper parsing of zero length headers by the affected software that could lead to excessive CPU usage.  An attacker could exploit this vulnerability by sending a request that\nsubmits malicious input to an affected system. A successful exploit\ncould result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. 
\n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nginx110-nginx security update\nAdvisory ID:       RHSA-2019:2745-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2745\nIssue date:        2019-09-12\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx110-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. 
\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx110-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el6.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el6.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nrh-nginx110-nginx-1.10.2-9.el7.1.src.rpm\n\nx86_64:\nrh-nginx110-nginx-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-debuginfo-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-image-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-perl-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-http-xslt-filter-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-mail-1.10.2-9.el7.1.x86_64.rpm\nrh-nginx110-nginx-mod-stream-1.10.2-9.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-826 - Rebase nghttp2 to 1.39.2\n\n7. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          }
        ],
        "trust": 3.33
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9516",
            "trust": 3.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 3.4
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93696206",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98433488",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "154190",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3116",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3213",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3129",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4403",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155414",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154697",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154698",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160951",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155417",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154470",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154533",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154693",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "id": "VAR-201908-0266",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T20:13:00.989000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-4505",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2019/dsa-4505"
          },
          {
            "title": "FEDORA-2019-befd924cfe",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "title": "FEDORA-2019-6a2980de56",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "title": "FEDORA-2019-5a6a7bc12c",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "title": "SwiftNIO",
            "trust": 0.8,
            "url": "https://github.com/apple/swift-nio"
          },
          {
            "title": "Apache Traffic Server",
            "trust": 0.8,
            "url": "https://github.com/apache/trafficserver"
          },
          {
            "title": "Synology-SA-19:33 HTTP/2 DoS Attacks",
            "trust": 0.8,
            "url": "https://www.synology.com/ja-jp/security/advisory/synology_sa_19_33"
          },
          {
            "title": "USN-4099-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/4099-1/"
          },
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96621"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192950 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192946 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx110-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192745 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx114-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192775 - security advisory"
          },
          {
            "title": "Red Hat: Important: nginx:1.14 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192799 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx112-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192746 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192966 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2019-9516",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-9516"
          },
          {
            "title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
          },
          {
            "title": "Ubuntu Security Notice: nginx vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4099-1"
          },
          {
            "title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
          },
          {
            "title": "Red Hat: Important: nodejs:10 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192925 - security advisory"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-9516"
          },
          {
            "title": "Red Hat: Important: rh-nodejs8-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192955 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nodejs10-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192939 - security advisory"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-13"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2019-1299",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1299"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-12"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2019-1342",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1342"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat AMQ Broker 7.4.3 release and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201445 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat AMQ Broker 7.6 release and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200922 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory"
          },
          {
            "title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
          },
          {
            "title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
          },
          {
            "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
          },
          {
            "title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-225"
          },
          {
            "title": "bogeitingress",
            "trust": 0.1,
            "url": "https://github.com/lieshoujieyuan/bogeitingress "
          },
          {
            "title": "DC-4-Vulnhub-Walkthrough",
            "trust": 0.1,
            "url": "https://github.com/vshaliii/dc-4-vulnhub-walkthrough "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/http-bugs/147405/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.6,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.6,
            "url": "https://seclists.org/bugtraq/2019/aug/24"
          },
          {
            "trust": 2.6,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/errata/rhsa-2019:3932"
          },
          {
            "trust": 2.5,
            "url": "https://usn.ubuntu.com/4099-1/"
          },
          {
            "trust": 2.4,
            "url": "https://www.debian.org/security/2019/dsa-4505"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3933"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3935"
          },
          {
            "trust": 2.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2745"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2799"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2946"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/aug/40"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2019/aug/16"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2746"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2775"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2950"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2966"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.4,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 1.2,
            "url": "https://support.f5.com/csp/article/k02591030"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h472d5hpxn6rrxcnfml3bk5oyc52cxf2/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98433488/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93696206/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.7,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154190/debian-security-advisory-4505-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht210436"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3213/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1072144"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/770.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60633"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.kb.cert.org/vuls/id/605641"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/nginx"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0734"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:1445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0922"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "date": "2019-08-22T20:20:23",
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "date": "2019-10-02T15:03:59",
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "date": "2019-11-20T21:11:11",
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "date": "2019-09-12T14:32:43",
            "db": "PACKETSTORM",
            "id": "154470"
          },
          {
            "date": "2019-10-01T20:45:33",
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "date": "2020-04-14T15:39:41",
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "date": "2019-09-19T16:28:51",
            "db": "PACKETSTORM",
            "id": "154533"
          },
          {
            "date": "2020-03-23T15:57:42",
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "date": "2019-09-30T22:22:22",
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "date": "2019-08-13T21:15:12.583000",
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160951"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9516"
          },
          {
            "date": "2019-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008116"
          },
          {
            "date": "2021-10-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          },
          {
            "date": "2023-11-07T03:13:42.893000",
            "db": "NVD",
            "id": "CVE-2019-9516"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-938"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0263

    Vulnerability from variot - Updated: 2024-07-23 19:59

    Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. nginx.org has confirmed the vulnerability and released software updates. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests
    1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
    1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests
    1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip
    1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests
    1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
    1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
    1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service
    1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes
    1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

    Description:

    This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-nginx112-nginx security update
    Advisory ID: RHSA-2019:2746-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746
    Issue date: 2019-09-12
    CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
    ====================================================================

    1. Summary:

    An update for rh-nginx112-nginx is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

    Security Fix(es):

    • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The rh-nginx112-nginx service must be restarted for this update to take effect.

    1. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm

    ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm

    s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm

    s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm

    s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm

    s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm

    s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm

    x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    7) - noarch, x86_64

    1. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). 8) - aarch64, noarch, ppc64le, s390x, x86_64

    1. ========================================================================== Ubuntu Security Notice USN-6754-2 May 07, 2024

    nghttp2 vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 24.04 LTS

    Summary:

    Several security issues were fixed in nghttp2.

    Software Description: - nghttp2: HTTP/2 C Library and tools

    Details:

    USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS.

    Original advisory details:

    It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

    It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

    It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. (CVE-2024-28182)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 24.04 LTS
      libnghttp2-14 1.59.0-1ubuntu0.1
      nghttp2 1.59.0-1ubuntu0.1
      nghttp2-client 1.59.0-1ubuntu0.1
      nghttp2-proxy 1.59.0-1ubuntu0.1
      nghttp2-server 1.59.0-1ubuntu0.1

    In general, a standard system update will make all the necessary changes

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0263",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "enterprise communications broker",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "3.1.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "nginx",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.2"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "enterprise communications broker",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "3.2.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.9.5"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "nginx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.16.1"
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "versionStartIncluding": "1.9.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.17.2",
                    "versionStartIncluding": "1.17.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          }
        ],
        "trust": 1.3
      },
      "cve": "CVE-2019-9513",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160948",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9513",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9513",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9513",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-935",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160948",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9513",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. A vulnerability in the HTTP/2 implementation of Nginx could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. \nThe vulnerability is due to improper priority changes in the affected software that could lead to excessive CPU usage. An attacker could exploit this vulnerability by sending a request that submits malicious input to an affected system. A successful exploit could result in a DoS condition on the targeted system. \nnginx.org has confirmed the vulnerability and released software updates. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nginx112-nginx security update\nAdvisory ID:       RHSA-2019:2746-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2746\nIssue date:        2019-09-12\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx112-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. 
\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx112-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat 
Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\naarch64:\nrh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nppc64le:\nrh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx112-nginx-1.12.1-3.el7.1.src.rpm\n\nx86_64:\nrh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm\nrh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 
==========================================================================\nUbuntu Security Notice USN-6754-2\nMay 07, 2024\n\nnghttp2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 24.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nUSN-6754-1 fixed vulnerabilities in nghttp2. This update provides the\ncorresponding update for Ubuntu 24.04 LTS. \n\nOriginal advisory details:\n\n  It was discovered that nghttp2 incorrectly handled the HTTP/2\n  implementation. This issue\n  only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\n  CVE-2019-9513)\n\n  It was discovered that nghttp2 incorrectly handled request cancellation. This issue only affected Ubuntu\n  16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\n  It was discovered that nghttp2 could be made to process an unlimited \nnumber\n  of HTTP/2 CONTINUATION frames. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 24.04 LTS\n   libnghttp2-14                   1.59.0-1ubuntu0.1\n   nghttp2                         1.59.0-1ubuntu0.1\n   nghttp2-client                  1.59.0-1ubuntu0.1\n   nghttp2-proxy                   1.59.0-1ubuntu0.1\n   nghttp2-server                  1.59.0-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "PACKETSTORM",
            "id": "178500"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9513",
            "trust": 2.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 2.5
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155414",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3306",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3116",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1544",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3129",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4343",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4403",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "43920",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-160948",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9513",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155417",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155416",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154471",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154693",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178500",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "PACKETSTORM",
            "id": "178500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "id": "VAR-201908-0263",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T19:59:26.276000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96619"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193041 - security advisory"
          },
          {
            "title": "Red Hat: Important: nghttp2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192692 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx110-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192745 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx112-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192746 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nginx114-nginx security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192775 - security advisory"
          },
          {
            "title": "Red Hat: Important: httpd24-httpd and httpd24-nghttp2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192949 - security advisory"
          },
          {
            "title": "Red Hat: Important: nginx:1.14 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192799 - security advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-4511-1 nghttp2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5abd31eeab4f550ac0063c6db4c6fefa"
          },
          {
            "title": "Red Hat: Important: Red Hat Quay v3.1.1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192966 - security advisory"
          },
          {
            "title": "Ubuntu Security Notice: nginx vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4099-1"
          },
          {
            "title": "Red Hat: CVE-2019-9513",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-9513"
          },
          {
            "title": "Debian CVElist Bug Report Logs: nginx: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=aa3f98e7e42f366cb232cf3ada195106"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-9513"
          },
          {
            "title": "Red Hat: Important: nodejs:10 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192925 - security advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-4505-1 nginx -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b38c3ef2fccf5f32d01340c117d4ef05"
          },
          {
            "title": "Red Hat: Important: rh-nodejs8-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192955 - security advisory"
          },
          {
            "title": "Red Hat: Important: rh-nodejs10-nodejs security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192939 - security advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2019-1298",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1298"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-13] nginx: denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-13"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-17] libnghttp2: denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-17"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2019-1298",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1298"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2019-1299",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1299"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201908-12] nginx-mainline: denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201908-12"
          },
          {
            "title": "Debian Security Advisories: DSA-4669-1 nodejs -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0919b27d8bf334fac6a8fbea7195b6b0"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
          },
          {
            "title": "Red Hat: Important: Red Hat Fuse 7.6.0 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20200983 - security advisory"
          },
          {
            "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbf2ee0b22e92590472860fdb3718cab"
          },
          {
            "title": "IBM: IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b9c6b5fbfb51d956856e88dff5a7acd"
          },
          {
            "title": "IBM: IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5ad9418973cac91ba73c01ad16b1f5a4"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=89d19e42a01e098dd5f88e0433d2bb5d"
          },
          {
            "title": "IBM: Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8f76cfb8f0c5ea84a0bc28705788f854"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ce0280dd79176d32c26f34906d1d4de"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b76ff63209def4a949aa18bdf6b518b8"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM i",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=247686da02fe524817c1939b0f6b6a5c"
          },
          {
            "title": "Fortinet Security Advisories: HTTP/2 Multiple DoS Attacks (VU#605641)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-19-225"
          },
          {
            "title": "bogeitingress",
            "trust": 0.1,
            "url": "https://github.com/lieshoujieyuan/bogeitingress "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3932"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3933"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3935"
          },
          {
            "trust": 2.3,
            "url": "https://www.debian.org/security/2019/dsa-4511"
          },
          {
            "trust": 2.3,
            "url": "https://usn.ubuntu.com/4099-1/"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2746"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/40"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/sep/1"
          },
          {
            "trust": 1.7,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2019/dsa-4505"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2020/dsa-4669"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2692"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2745"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2775"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2799"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2949"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2966"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:3041"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/csp/article/k02591030"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.7,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"
          },
          {
            "trust": 0.6,
            "url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1544/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3306/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3116/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vyatta-5600-vrouter-software-patches-release-1801-ze-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3129/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/43920"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-0737"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-17199"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-0217"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-0197"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-17189"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-5407"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-0196"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-0734"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10184"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3888"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12384"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3802"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0983"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14379"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6754-2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6754-1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "PACKETSTORM",
            "id": "178500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "PACKETSTORM",
            "id": "178500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "date": "2019-11-20T23:02:22",
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "date": "2019-11-20T21:11:11",
            "db": "PACKETSTORM",
            "id": "155417"
          },
          {
            "date": "2020-03-27T13:16:40",
            "db": "PACKETSTORM",
            "id": "156941"
          },
          {
            "date": "2019-11-20T20:55:55",
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "date": "2019-09-12T14:32:51",
            "db": "PACKETSTORM",
            "id": "154471"
          },
          {
            "date": "2019-09-30T22:22:22",
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "date": "2019-09-30T13:33:33",
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "date": "2024-05-09T15:42:01",
            "db": "PACKETSTORM",
            "id": "178500"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "date": "2019-08-13T21:15:12.380000",
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160948"
          },
          {
            "date": "2022-08-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9513"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          },
          {
            "date": "2023-11-07T03:13:42.177000",
            "db": "NVD",
            "id": "CVE-2019-9513"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "178500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-935"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-0421

    Vulnerability from variot - Updated: 2024-07-23 19:49

    Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: rh-nginx114-nginx security update
    Advisory ID: RHSA-2019:2775-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2775
    Issue date: 2019-09-16
    CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
    ====================================================================

    1. Summary:

    An update for rh-nginx114-nginx is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    3. Description:

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

    Security Fix(es):

    • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The rh-nginx114-nginx service must be restarted for this update to take effect.

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service

    6. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm

    ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

    s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

    s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

    s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

    s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

    s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

    x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9516
    https://access.redhat.com/security/updates/classification/#important

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    --
    RHSA-announce mailing list
    RHSA-announce@redhat.com
    https://www.redhat.com/mailman/listinfo/rhsa-announce

    Description:

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

    Solution:

    Before applying this update, ensure all previously released errata relevant to your system have been applied.

    JIRA issues fixed (https://issues.jboss.org/):

    JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5
    JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11
    JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7
    JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final
    JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final
    JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10
    JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009
    JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13
    JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005
    JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17
    JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final
    JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001
    JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17
    JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11
    JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003
    JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8
    JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3
    JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final
    JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final
    JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final
    JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8
    JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1

    For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.

    For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.

    We recommend that you upgrade your nginx packages.

    For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    The purpose of this text-only errata is to inform you about the security issues fixed in this release.

    Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
    1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
    1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API
    1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service
    1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake
    1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries
    1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
    1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
    1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
    1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
    1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
    1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
    1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package
    1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package
    1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package
    1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.
    1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
    1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source
    1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
    1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
    1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.
    1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking
    1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
    1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
    1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
    1798524 - CVE-2019-20444 netty: HTTP request smuggling
    1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
    1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files
    1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
    1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
    1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
    1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
    1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
    1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
    1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
    1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
    1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
    1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
    1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
    1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
    1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
    1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
    1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
    1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms

    1. Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

    Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link (you must log in to download the update).

    Description:

    This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically.

    7) - noarch, x86_64

    1. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3).

    ==========================================================================
    Ubuntu Security Notice USN-6754-1
    April 25, 2024

    nghttp2 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 23.10
    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
    • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

    Summary:

    Several security issues were fixed in nghttp2.

    Software Description:
    - nghttp2: HTTP/2 C Library and tools

    Details:

    It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

    It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

    It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 23.10:
      libnghttp2-14 1.55.1-1ubuntu0.2
      nghttp2 1.55.1-1ubuntu0.2
      nghttp2-client 1.55.1-1ubuntu0.2
      nghttp2-proxy 1.55.1-1ubuntu0.2
      nghttp2-server 1.55.1-1ubuntu0.2

    Ubuntu 22.04 LTS:
      libnghttp2-14 1.43.0-1ubuntu0.2
      nghttp2 1.43.0-1ubuntu0.2
      nghttp2-client 1.43.0-1ubuntu0.2
      nghttp2-proxy 1.43.0-1ubuntu0.2
      nghttp2-server 1.43.0-1ubuntu0.2

    Ubuntu 20.04 LTS:
      libnghttp2-14 1.40.0-1ubuntu0.3
      nghttp2 1.40.0-1ubuntu0.3
      nghttp2-client 1.40.0-1ubuntu0.3
      nghttp2-proxy 1.40.0-1ubuntu0.3
      nghttp2-server 1.40.0-1ubuntu0.3

    Ubuntu 18.04 LTS (Available with Ubuntu Pro):
      libnghttp2-14 1.30.0-1ubuntu1+esm2
      nghttp2 1.30.0-1ubuntu1+esm2
      nghttp2-client 1.30.0-1ubuntu1+esm2
      nghttp2-proxy 1.30.0-1ubuntu1+esm2
      nghttp2-server 1.30.0-1ubuntu1+esm2

    Ubuntu 16.04 LTS (Available with Ubuntu Pro):
      libnghttp2-14 1.7.1-1ubuntu0.1~esm2
      nghttp2 1.7.1-1ubuntu0.1~esm2
      nghttp2-client 1.7.1-1ubuntu0.1~esm2
      nghttp2-proxy 1.7.1-1ubuntu0.1~esm2
      nghttp2-server 1.7.1-1ubuntu0.1~esm2

    In general, a standard system update will make all the necessary changes.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0421",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "enterprise communications broker",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "3.1.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "nginx",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.17.2"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "enterprise communications broker",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "3.2.0"
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "nginx",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.9.5"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "nginx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.16.1"
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "versionStartIncluding": "1.9.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.17.2",
                    "versionStartIncluding": "1.17.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9511",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160946",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9511",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9511",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160946",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nginx114-nginx security update\nAdvisory ID:       RHSA-2019:2775-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2775\nIssue date:        2019-09-16\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. 
\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. 
Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads 
XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in 
org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. 7) - noarch, x86_64\n\n3. 
Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. 
(CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   libnghttp2-14                   1.55.1-1ubuntu0.2\n   nghttp2                         1.55.1-1ubuntu0.2\n   nghttp2-client                  1.55.1-1ubuntu0.2\n   nghttp2-proxy                   1.55.1-1ubuntu0.2\n   nghttp2-server                  1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n   libnghttp2-14                   1.43.0-1ubuntu0.2\n   nghttp2                         1.43.0-1ubuntu0.2\n   nghttp2-client                  1.43.0-1ubuntu0.2\n   nghttp2-proxy                   1.43.0-1ubuntu0.2\n   nghttp2-server                  1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n   libnghttp2-14                   1.40.0-1ubuntu0.3\n   nghttp2                         1.40.0-1ubuntu0.3\n   nghttp2-client                  1.40.0-1ubuntu0.3\n   nghttp2-proxy                   1.40.0-1ubuntu0.3\n   nghttp2-server                  1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.30.0-1ubuntu1+esm2\n   nghttp2                         1.30.0-1ubuntu1+esm2\n   nghttp2-client                  1.30.0-1ubuntu1+esm2\n   nghttp2-proxy                   1.30.0-1ubuntu1+esm2\n   nghttp2-server                  1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.7.1-1ubuntu0.1~esm2\n   nghttp2                         1.7.1-1ubuntu0.1~esm2\n   nghttp2-client                  1.7.1-1ubuntu0.1~esm2\n   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm2\n   nghttp2-server                  1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "168812"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9511",
            "trust": 2.0
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 1.9
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "158636",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154693",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154510",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154190",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154725",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154401",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154117",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154471",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154699",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154533",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154470",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154848",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-924",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160946",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155479",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155416",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168812",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "178284",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "168812"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "id": "VAR-201908-0421",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T19:49:30.261000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 1.9,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:2775"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:3933"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/errata/rhsa-2019:4020"
          },
          {
            "trust": 1.1,
            "url": "https://seclists.org/bugtraq/2019/aug/40"
          },
          {
            "trust": 1.1,
            "url": "https://seclists.org/bugtraq/2019/sep/1"
          },
          {
            "trust": 1.1,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/csp/article/k02591030"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2019/dsa-4505"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2019/dsa-4511"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2020/dsa-4669"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2692"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2745"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2746"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2799"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2949"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:2966"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:3041"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:3932"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:3935"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:4018"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:4019"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/errata/rhsa-2019:4021"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
          },
          {
            "trust": 1.1,
            "url": "https://usn.ubuntu.com/4099-1/"
          },
          {
            "trust": 1.0,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.2,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.2,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/nginx"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11112"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11113"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10968"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9546"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14060"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11619"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000632"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3831"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-11797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14062"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-12541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4970"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1745"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10172"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9548"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1953"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1757"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10969"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11620"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11111"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9547"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17573"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12400"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14892"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14061"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:3192"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0734"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/nodejs"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-6754-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "168812"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "168812"
          },
          {
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "date": "2019-09-17T20:58:22",
            "db": "PACKETSTORM",
            "id": "154510"
          },
          {
            "date": "2019-11-27T15:37:53",
            "db": "PACKETSTORM",
            "id": "155479"
          },
          {
            "date": "2019-08-22T20:20:23",
            "db": "PACKETSTORM",
            "id": "154190"
          },
          {
            "date": "2020-07-29T00:05:59",
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "date": "2020-04-14T15:39:41",
            "db": "PACKETSTORM",
            "id": "157214"
          },
          {
            "date": "2019-11-20T20:55:55",
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "date": "2019-09-30T22:22:22",
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "date": "2020-04-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "168812"
          },
          {
            "date": "2024-04-26T15:13:40",
            "db": "PACKETSTORM",
            "id": "178284"
          },
          {
            "date": "2019-08-13T21:15:12.223000",
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160946"
          },
          {
            "date": "2023-11-07T03:13:41.610000",
            "db": "NVD",
            "id": "CVE-2019-9511"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "178284"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "158636"
          },
          {
            "db": "PACKETSTORM",
            "id": "157214"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-201908-0260

    Vulnerability from variot - Updated: 2024-07-23 19:32

    Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. The HTTP/2 implementations used in Apple SwiftNIO and Apache Traffic Server contain a resource exhaustion vulnerability that may result in interruption of service operation (DoS). HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2.

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update
    Advisory ID: RHSA-2019:2949-01
    Product: Red Hat Software Collections
    Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949
    Issue date: 2019-10-01
    CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517
    ====================================================================

    1. Summary:

    An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    2. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    3. Description:

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    4. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    5. Bugs fixed (https://bugzilla.redhat.com/):

    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
    1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
    1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

    6. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

    Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

    Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    7. References:

    https://access.redhat.com/security/cve/CVE-2019-9511
    https://access.redhat.com/security/cve/CVE-2019-9513
    https://access.redhat.com/security/cve/CVE-2019-9517
    https://access.redhat.com/security/updates/classification/#important

    8. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc.

    =========================================================================
    Ubuntu Security Notice USN-4113-2
    September 17, 2019

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 19.04
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS

    Summary:

    USN-4113-1 introduced a regression in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)

    Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081)

    Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)

    Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)

    Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097)

    Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)

    Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 19.04: apache2 2.4.38-2ubuntu2.3 apache2-bin 2.4.38-2ubuntu2.3

    Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.11 apache2-bin 2.4.29-1ubuntu4.11

    Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.13 apache2-bin 2.4.18-2ubuntu3.13

    In general, a standard system update will make all the necessary changes.

    JIRA issues fixed (https://issues.jboss.org/):

    JBCS-828 - Rebase nghttp2 to 1.39.2

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

    Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0260",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.1.0"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "model": "retail xstore point of service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.1"
          },
          {
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.1.1"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.40"
          },
          {
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "model": "instantis enterprisetrack",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.2.0"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "model": "instantis enterprisetrack",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.20"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          },
          {
            "model": "traffic server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "swiftnio",
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.4.0",
                        "versionStartIncluding": "1.0.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "10.12",
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionStartIncluding": "14.04",
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.3",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1.6",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.2.3",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.4.40",
                    "versionStartIncluding": "2.4.20",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.3",
                    "versionStartIncluding": "17.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.7.2.24",
                    "versionStartIncluding": "7.7.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.8.2.13",
                    "versionStartIncluding": "7.8.2.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2.0",
                    "versionStartIncluding": "8.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.8.1",
                    "versionStartIncluding": "8.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.12.0",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8.1",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.16.3",
                    "versionStartIncluding": "10.13.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.16.1",
                    "versionStartIncluding": "8.9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9517",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9517",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160952",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-9517",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9517",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9517",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-943",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160952",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. The HTTP/2 implementations used in Apple SwiftNIO and Apache Traffic Server contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: httpd24-httpd and httpd24-nghttp2 security update\nAdvisory ID:       RHSA-2019:2949-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2949\nIssue date:        2019-10-01\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9517\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-nghttp2 is now available for Red\nHat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. 
A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n. =========================================================================\nUbuntu Security Notice USN-4113-2\nSeptember 17, 2019\n\napache2 regression\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4113-1 introduced a regression in Apache. \nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Stefan Eissing discovered that the HTTP/2 implementation in Apache\n did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\n some situations. A remote attacker could use this to cause a denial\n of service (daemon crash). This issue only affected Ubuntu 18.04 LTS\n and Ubuntu 19.04. 
(CVE-2019-0197)\n\n Craig Young discovered that a memory overwrite error existed in\n Apache when performing HTTP/2 very early pushes in some situations. A\n remote attacker could use this to cause a denial of service (daemon\n crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n (CVE-2019-10081)\n\n Craig Young discovered that a read-after-free error existed in the\n HTTP/2 implementation in Apache during connection shutdown. A remote\n attacker could use this to possibly cause a denial of service (daemon\n crash) or possibly expose sensitive information. This issue only\n affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\n Matei Badanoiu discovered that the mod_proxy component of\n Apache did not properly filter URLs when reporting errors in some\n configurations. A remote attacker could possibly use this issue to\n conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\n Daniel McCarney discovered that mod_remoteip component of Apache\n contained a stack buffer overflow when parsing headers from a trusted\n intermediary proxy in some situations. A remote attacker controlling a\n trusted proxy could use this to cause a denial of service or possibly\n execute arbitrary code. This issue only affected Ubuntu 19.04. \n (CVE-2019-10097)\n\n Yukitsugu Sasaki discovered that the mod_rewrite component in Apache\n was vulnerable to open redirects in some situations. A remote attacker\n could use this to possibly expose sensitive information or bypass\n intended restrictions. (CVE-2019-10098)\n\n Jonathan Looney discovered that the HTTP/2 implementation in Apache did\n not properly limit the amount of buffering for client connections in\n some situations. A remote attacker could use this to cause a denial\n of service (unresponsive daemon). This issue only affected Ubuntu\n 18.04 LTS and Ubuntu 19.04. 
(CVE-2019-9517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  apache2                         2.4.38-2ubuntu2.3\n  apache2-bin                     2.4.38-2ubuntu2.3\n\nUbuntu 18.04 LTS:\n  apache2                         2.4.29-1ubuntu4.11\n  apache2-bin                     2.4.29-1ubuntu4.11\n\nUbuntu 16.04 LTS:\n  apache2                         2.4.18-2ubuntu3.13\n  apache2-bin                     2.4.18-2ubuntu3.13\n\nIn general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-828 - Rebase nghttp2 to 1.39.2\n\n6. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 3.3
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517",
            "trust": 3.3
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2019/08/15/7",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU98433488",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4295",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3243",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3301",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4403",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3133",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "155414",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154227",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154590",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154258",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154699",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154506",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154698",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155416",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154693",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "id": "VAR-201908-0260",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T19:32:07.732000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SwiftNIO",
            "trust": 0.8,
            "url": "https://github.com/apple/swift-nio"
          },
          {
            "title": "svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
          },
          {
            "title": "Re: CVE-2019-10097 vs. CHANGEs entry",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev.httpd.apache.org%3e"
          },
          {
            "title": "CVE-2019-10097 vs. CHANGEs entry",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev.httpd.apache.org%3e"
          },
          {
            "title": "CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers",
            "trust": 0.8,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce.httpd.apache.org%3e"
          },
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96626"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.5,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3933"
          },
          {
            "trust": 2.3,
            "url": "https://www.debian.org/security/2019/dsa-4509"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:3932"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:3935"
          },
          {
            "trust": 2.3,
            "url": "https://usn.ubuntu.com/4113-1/"
          },
          {
            "trust": 2.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2893"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2949"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2950"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/47"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201909-04"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2946"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.4,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/csp/article/k02591030"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3cannounce.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu98433488/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.6,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev."
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce."
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/be1e153d17bb9e32d43a38f176d93bf8a9f7568f5c8f3f5e5ebf76cd@%3cannounce."
          },
          {
            "trust": 0.6,
            "url": "httpd-six-vulnerabilities-30057"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3243/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4295/"
          },
          {
            "trust": 0.6,
            "url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154227/debian-security-advisory-4509-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3301/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3133/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10082"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10081"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10097"
          },
          {
            "trust": 0.2,
            "url": "https://usn.ubuntu.com/4113-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10098"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10092"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.12"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.10"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4113-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1842701"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.11"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.29"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html/red_hat_jboss_core_services_apache_http_server_2.4.29_service_pack_3_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17199"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-17189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-0734"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "date": "2019-08-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "date": "2019-09-24T17:17:32",
            "db": "PACKETSTORM",
            "id": "154590"
          },
          {
            "date": "2019-08-30T01:44:51",
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "date": "2019-10-01T20:46:00",
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "date": "2019-09-17T16:48:23",
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "date": "2019-10-01T20:45:48",
            "db": "PACKETSTORM",
            "id": "154698"
          },
          {
            "date": "2019-11-20T20:55:55",
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "date": "2019-09-30T22:22:22",
            "db": "PACKETSTORM",
            "id": "154693"
          },
          {
            "date": "2019-09-30T13:33:33",
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "date": "2019-08-13T21:15:12.647000",
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "date": "2019-08-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008014"
          },
          {
            "date": "2021-06-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "date": "2023-11-07T03:13:43.113000",
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "154258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ],
        "trust": 0.6
      }
    }