CVE-2019-9518
Description
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends an amount of time processing each frame that is disproportionate to the attack bandwidth, which can consume excess CPU.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability: 3.674
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Windows Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2016 (1803) for x64-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4512501) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4512516) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4512516) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1903 for x64-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server, version 1903 for x64-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1903 for x86-based Systems (KB4512508) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4512507) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4512517) | Windows |
| Windows Information Disclosure Vulnerability for Windows Server 2019 for x64-based Systems (KB4511553) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4511553) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4511553) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB4512497) | Windows |
| Windows Information Disclosure Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4512497) | Windows |
| Multiple vulnerabilities are fixed in Node.js 12 (12.22.12) | Windows |
| Multiple vulnerabilities are fixed in Node.js 18 (x64) (18.16.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 18 (18.16.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js (x64) (10.16.3) | Windows |
| Multiple vulnerabilities are fixed in Node.js (10.16.3) | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 8.16.1 | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 (x64) 8.16.1 | Windows |
| Multiple vulnerabilities are fixed in Node.js 12 12.8.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.7 | Windows |
| trafficserver security update(DSA-4520-1) trafficserver_8.0.2+ds-1+deb10u1_amd64.deb | Linux |
| Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9518) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-27214 | 2019-08 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4512517) |
| PATCH-27223 | 2019-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4512501) |
| PATCH-27224 | 2019-08 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4512501) |
| PATCH-27225 | 2019-08 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4512501) |
| PATCH-27221 | 2019-08 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4512516) |
| PATCH-27222 | 2019-08 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4512516) |
| PATCH-27229 | 2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508) |
| PATCH-27230 | 2019-08 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4512508) |
| PATCH-27231 | 2019-08 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4512508) |
| PATCH-27215 | 2019-08 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4512517) |
| PATCH-27216 | 2019-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4512517) |
| PATCH-27226 | 2019-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4511553) |
| PATCH-27227 | 2019-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4511553) |
| PATCH-27228 | 2019-08 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4511553) |
| PATCH-27217 | 2019-08 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4512497) |
| PATCH-27218 | 2019-08 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4512497) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-331763 | Node.js 18 (x64) (18.17.0) |
| PATCH-331762 | Node.js 18 (18.17.0) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |