var-201908-0421
Vulnerability from variot

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2019:2775-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2775 Issue date: 2019-09-16 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary:

An update for rh-nginx114-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

  • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

  • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx114-nginx service must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service

  1. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

aarch64: rh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

ppc64le: rh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm

s390x: rh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-nginx114-nginx-1.14.1-1.el7.1.src.rpm

x86_64: rh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXYD0u9zjgjWX9erEAQh90w/7BWdh3Jxs9cP+P0kgwkv3Y0BLGblHx0B4 3BkFoa4B+/k2xrCOl+vy6cPip7PY7KVemOfv6g3BYlqAISOxU2lSjScEMwhdrh4g 2Ng7xkoUOoQ0KfXmVzMayVUkRwgam+utdacHnNgdGdYPwhCmticW0n5PfNakMOb6 CCmUZ91tfV7orMPiH+f1nBIulXok4zcOzdvZElSh97dmQcjoi+T5EoqbcFY8n5Ck Y+COohJ3X026oab73Tr2Kayju43TJGUdNR8lVmap4H8QkXqvbTrjd2YqXj8Zg7qr oNh7J2jnRec01+rYG8sL225+ZrdTtZ6c7kXQpUDh+jkjDImfJZz38HkI5/mRU+iS VSqP5PAhKvYlOXvIGIOoWtMXLDmnuzVEo/E/tScHc85Mp+6B5yM5r93dTGuRfjo1 yvSIftS3y7A8NtP7oJvpvVhcVAyc024X124PtojSoL+s5K60jzy06rky4WxIy0uh kqK1W/SowueKFreJjBo4N6ZZ6rjBZ8okZKqWjRCi56szhP3KJ4+563g5VfltLsd5 YqN9li8tUNzjrehVkZKEKfv6RkEQUuAbyAEVL6yFzVk3lTf1SgjlQhCNedWmD6N7 aeVU/tMNw4gMXXtmLPObL54HNUNgM799BLVzzna+wofr2iT7nnUZakCsfn+jHYk7 3Z3oFnpnL5o=L5z9 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - GSS Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - GSS Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - GSS Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - GSS Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - GSS Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - GSS Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - GSS Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - GSS Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - GSS Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - GSS Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - GSS Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - GSS Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - GSS Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - GSS Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - GSS Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1

For the oldstable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u3.

For the stable distribution (buster), these problems have been fixed in version 1.14.2-2+deb10u1.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8 TjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP MXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y rz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo TMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4 gFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH vskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj odvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT agQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9 IKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36 46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY a3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/

  1. Bugs fixed (https://bugzilla.redhat.com/):

1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package 1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package 1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package 1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources. 1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS 1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db. 1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking 1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms

  1. Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update). Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. 7) - noarch, x86_64

  1. Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3). ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024

nghttp2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in nghttp2.

Software Description: - nghttp2: HTTP/2 C Library and tools

Details:

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2

Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2

Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0421",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.7.2.0"
      },
      {
        "model": "web gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.7.2.24"
      },
      {
        "model": "vs960hd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.16.1"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.12.0"
      },
      {
        "model": "openshift service mesh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "software collections",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.9.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "29"
      },
      {
        "model": "graalvm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.2.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2.0"
      },
      {
        "model": "web gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.2.0"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.17.0"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.13.0"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.17.2"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": "6.2"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "12.8.1"
      },
      {
        "model": "swiftnio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.0"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.0"
      },
      {
        "model": "quay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "jboss core services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.1.6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "8.1.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.16.3"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.9.5"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.3"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "30"
      },
      {
        "model": "web gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.8.2.13"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "skynas",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.16.1"
      },
      {
        "model": "swiftnio",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.8.2.0"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.8.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.04"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.0"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.2.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "akamai",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "amazon",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apache traffic server",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cloudflare",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "envoy",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "facebook",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "go programming language",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "litespeed",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netty",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "node js",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "twisted",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "grpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nghttp2",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nginx",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.4.0",
                    "versionStartIncluding": "1.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "10.12",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "14.04",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.3",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.6",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.3",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.7.2.24",
                "versionStartIncluding": "7.7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.8.2.13",
                "versionStartIncluding": "7.8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.0",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.16.1",
                "versionStartIncluding": "1.9.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.17.2",
                "versionStartIncluding": "1.17.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.8.1",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.8.1",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.16.3",
                "versionStartIncluding": "10.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.16.1",
                "versionStartIncluding": "8.9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "db": "PACKETSTORM",
        "id": "154693"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9511",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-160946",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "cret@cert.org",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9511",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "cret@cert.org",
            "id": "CVE-2019-9511",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160946",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: rh-nginx114-nginx security update\nAdvisory ID:       RHSA-2019:2775-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2775\nIssue date:        2019-09-16\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9516\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.1.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.1.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYD0u9zjgjWX9erEAQh90w/7BWdh3Jxs9cP+P0kgwkv3Y0BLGblHx0B4\n3BkFoa4B+/k2xrCOl+vy6cPip7PY7KVemOfv6g3BYlqAISOxU2lSjScEMwhdrh4g\n2Ng7xkoUOoQ0KfXmVzMayVUkRwgam+utdacHnNgdGdYPwhCmticW0n5PfNakMOb6\nCCmUZ91tfV7orMPiH+f1nBIulXok4zcOzdvZElSh97dmQcjoi+T5EoqbcFY8n5Ck\nY+COohJ3X026oab73Tr2Kayju43TJGUdNR8lVmap4H8QkXqvbTrjd2YqXj8Zg7qr\noNh7J2jnRec01+rYG8sL225+ZrdTtZ6c7kXQpUDh+jkjDImfJZz38HkI5/mRU+iS\nVSqP5PAhKvYlOXvIGIOoWtMXLDmnuzVEo/E/tScHc85Mp+6B5yM5r93dTGuRfjo1\nyvSIftS3y7A8NtP7oJvpvVhcVAyc024X124PtojSoL+s5K60jzy06rky4WxIy0uh\nkqK1W/SowueKFreJjBo4N6ZZ6rjBZ8okZKqWjRCi56szhP3KJ4+563g5VfltLsd5\nYqN9li8tUNzjrehVkZKEKfv6RkEQUuAbyAEVL6yFzVk3lTf1SgjlQhCNedWmD6N7\naeVU/tMNw4gMXXtmLPObL54HNUNgM799BLVzzna+wofr2iT7nnUZakCsfn+jHYk7\n3Z3oFnpnL5o=L5z9\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5\nJBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11\nJBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7\nJBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final\nJBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final\nJBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10\nJBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009\nJBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13\nJBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005\nJBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17\nJBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final\nJBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001\nJBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17\nJBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11\nJBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003\nJBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8\nJBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3\nJBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final\nJBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final\nJBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final\nJBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8\nJBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1\n\n7. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u3. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1.14.2-2+deb10u1. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1e7q4ACgkQEMKTtsN8\nTjanPg/+JLLuKVdUDpVPFNkX1ckmT5gsoCwzGz3ybhcDMxbf7jD8jtmXFiGFn4fP\nMXsx6MgrRZn3hq+2VF6MKZjKh9n1hBX38PkqjHKEtV6Xzor97xxLH0rrMlBMEQ7y\nrz96YTffJfcj+ykI3Vlye1GGDEiKyu0vWgoutXH3i8GUYFyDk//HQdI0eJLQhkfo\nTMRdbAKmMGeMt/8tSz4G0wewdxc9xjNwE1lKkV22JbT6t656f5QtvOLxt2HvM5c4\ngFtFFBv7e1ymh0CKz4VxOxjEH+4ogx5HfzcYP2LjaZJsCFOw8ZUbdieFhlF0R2jH\nvskBuYLPa/djYHoZ55KY/WTmTsn72y7ZEuQcAdiHRVjg6wRFaum/KkdwutBBCeEj\nodvrGUcgdLLx4uAC7JOt9HME77Rgu1wTnx3l9L3QCwxIXpHqL8zOuSrSKYDuntDT\nagQ/awapEYYK5IAgo7YGkhHHHbTSLQ2UX9KfmyoPXJ+H9Vl/XjGhPwdDSEYNqrE9\nIKQ8gaFCVOgjJo8lTa5NBsvxa08Gh6jQGZo8Rgfjs4KvUS847Cpb086BvU9pMs36\n46+cLbkJ2jkfMLd4slZ5Gf2wkagUJmeZD5O7bY90Szs/IUOJez0LWaN3l7VSMtvY\na3a/Y53cX1QYt60eiE6x/ifraOHzcsJglrUNmK8VPfJ9tSTFhWY=+ZOE\n-----END PGP SIGNATURE-----\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. \n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1755831 - CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource\n1755849 - CVE-2019-14540 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig\n1758167 - CVE-2019-17267 jackson-databind: Serialization gadgets in classes of the ehcache package\n1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package\n1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package\n1758187 - CVE-2019-16942 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*\n1758191 - CVE-2019-16943 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource\n1764658 - CVE-2019-12400 xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source\n1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default\n1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS\n1775293 - CVE-2019-17531 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*\n1793154 - CVE-2019-20330 jackson-databind: lacks certain net.sf.ehcache blocking\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1798524 - CVE-2019-20444 netty: HTTP request smuggling\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848960 - CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n\n5. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. After installing the updated\npackages, the httpd daemon will be restarted automatically. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   libnghttp2-14                   1.55.1-1ubuntu0.2\n   nghttp2                         1.55.1-1ubuntu0.2\n   nghttp2-client                  1.55.1-1ubuntu0.2\n   nghttp2-proxy                   1.55.1-1ubuntu0.2\n   nghttp2-server                  1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n   libnghttp2-14                   1.43.0-1ubuntu0.2\n   nghttp2                         1.43.0-1ubuntu0.2\n   nghttp2-client                  1.43.0-1ubuntu0.2\n   nghttp2-proxy                   1.43.0-1ubuntu0.2\n   nghttp2-server                  1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n   libnghttp2-14                   1.40.0-1ubuntu0.3\n   nghttp2                         1.40.0-1ubuntu0.3\n   nghttp2-client                  1.40.0-1ubuntu0.3\n   nghttp2-proxy                   1.40.0-1ubuntu0.3\n   nghttp2-server                  1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.30.0-1ubuntu1+esm2\n   nghttp2                         1.30.0-1ubuntu1+esm2\n   nghttp2-client                  1.30.0-1ubuntu1+esm2\n   nghttp2-proxy                   1.30.0-1ubuntu1+esm2\n   nghttp2-server                  1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.7.1-1ubuntu0.1~esm2\n   nghttp2                         1.7.1-1ubuntu0.1~esm2\n   nghttp2-client                  1.7.1-1ubuntu0.1~esm2\n   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm2\n   nghttp2-server                  1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      },
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "db": "PACKETSTORM",
        "id": "154190"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "db": "PACKETSTORM",
        "id": "154693"
      },
      {
        "db": "PACKETSTORM",
        "id": "168812"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9511",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#605641",
        "trust": 1.9
      },
      {
        "db": "MCAFEE",
        "id": "SB10296",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158636",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154693",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154510",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154190",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "154725",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154401",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154712",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154117",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154663",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154471",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154699",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154533",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154848",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-924",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-160946",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155479",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157214",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155416",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168812",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "db": "PACKETSTORM",
        "id": "154190"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "db": "PACKETSTORM",
        "id": "154693"
      },
      {
        "db": "PACKETSTORM",
        "id": "168812"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "id": "VAR-201908-0421",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:49:30.261000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
      },
      {
        "trust": 1.9,
        "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
      },
      {
        "trust": 1.6,
        "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2775"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:2939"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3933"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:4020"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/aug/40"
      },
      {
        "trust": 1.1,
        "url": "https://seclists.org/bugtraq/2019/sep/1"
      },
      {
        "trust": 1.1,
        "url": "https://kb.cert.org/vuls/id/605641/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k02591030"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2019/dsa-4505"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2019/dsa-4511"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2020/dsa-4669"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2692"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2745"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2746"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2799"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2925"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2949"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2955"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:2966"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:3041"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:3932"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:3935"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4018"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4019"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4021"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4099-1/"
      },
      {
        "trust": 1.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
      },
      {
        "trust": 1.0,
        "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.8,
        "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc7540"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc7541"
      },
      {
        "trust": 0.8,
        "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
      },
      {
        "trust": 0.8,
        "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
      },
      {
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-9516"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9513"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9514"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9515"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20444"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20445"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-7238"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9518"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/popaec4fwl4uu4ldegpy5npalu24ffqd/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lzluypyy3rx4zjdwzrjiksulyrj4pxw7/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jubyaf6ed3o4xchq5c2hyenjlxyxzc4m/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tazzevtcn2b4wt6aibj7xgyjmbtorju5/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nginx"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16335"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11112"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11113"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10968"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-11797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17531"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10086"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14062"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1745"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10172"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10969"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17267"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11111"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17573"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14892"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14061"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3192"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16869"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:1445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10247"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10241"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-17199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-17189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nodejs"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15606"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15605"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6754-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "db": "PACKETSTORM",
        "id": "154190"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "db": "PACKETSTORM",
        "id": "154693"
      },
      {
        "db": "PACKETSTORM",
        "id": "168812"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "db": "PACKETSTORM",
        "id": "154190"
      },
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "db": "PACKETSTORM",
        "id": "154693"
      },
      {
        "db": "PACKETSTORM",
        "id": "168812"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "date": "2019-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "date": "2019-09-17T20:58:22",
        "db": "PACKETSTORM",
        "id": "154510"
      },
      {
        "date": "2019-11-27T15:37:53",
        "db": "PACKETSTORM",
        "id": "155479"
      },
      {
        "date": "2019-08-22T20:20:23",
        "db": "PACKETSTORM",
        "id": "154190"
      },
      {
        "date": "2020-07-29T00:05:59",
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "date": "2020-04-14T15:39:41",
        "db": "PACKETSTORM",
        "id": "157214"
      },
      {
        "date": "2019-11-20T20:55:55",
        "db": "PACKETSTORM",
        "id": "155416"
      },
      {
        "date": "2019-09-30T22:22:22",
        "db": "PACKETSTORM",
        "id": "154693"
      },
      {
        "date": "2020-04-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168812"
      },
      {
        "date": "2024-04-26T15:13:40",
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "date": "2019-08-13T21:15:12.223000",
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#605641"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160946"
      },
      {
        "date": "2023-11-07T03:13:41.610000",
        "db": "NVD",
        "id": "CVE-2019-9511"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "178284"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#605641"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158636"
      },
      {
        "db": "PACKETSTORM",
        "id": "157214"
      }
    ],
    "trust": 0.2
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.