Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-9511: CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Red Hat: CVE-2019-9511: CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
08/13/2019
Created
09/12/2019
Added
09/11/2019
Modified
12/15/2023

Description

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Solution(s)

  • redhat-upgrade-libnghttp2
  • redhat-upgrade-libnghttp2-debuginfo
  • redhat-upgrade-libnghttp2-devel
  • redhat-upgrade-nghttp2
  • redhat-upgrade-nghttp2-debuginfo
  • redhat-upgrade-nghttp2-debugsource
  • redhat-upgrade-nginx
  • redhat-upgrade-nginx-all-modules
  • redhat-upgrade-nginx-debuginfo
  • redhat-upgrade-nginx-debugsource
  • redhat-upgrade-nginx-filesystem
  • redhat-upgrade-nginx-mod-http-image-filter
  • redhat-upgrade-nginx-mod-http-image-filter-debuginfo
  • redhat-upgrade-nginx-mod-http-perl
  • redhat-upgrade-nginx-mod-http-perl-debuginfo
  • redhat-upgrade-nginx-mod-http-xslt-filter
  • redhat-upgrade-nginx-mod-http-xslt-filter-debuginfo
  • redhat-upgrade-nginx-mod-mail
  • redhat-upgrade-nginx-mod-mail-debuginfo
  • redhat-upgrade-nginx-mod-stream
  • redhat-upgrade-nginx-mod-stream-debuginfo
  • redhat-upgrade-nodejs
  • redhat-upgrade-nodejs-debuginfo
  • redhat-upgrade-nodejs-debugsource
  • redhat-upgrade-nodejs-devel
  • redhat-upgrade-nodejs-devel-debuginfo
  • redhat-upgrade-nodejs-docs
  • redhat-upgrade-nodejs-nodemon
  • redhat-upgrade-nodejs-packaging
  • redhat-upgrade-npm

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;