CVE-2019-9515
First published: Thu Aug 01 2019(Updated: )
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Credit: cret@cert.org cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el6ea | 0:3.2.10-1.redhat_00001.1.el6ea |
| redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el6ea | 0:1.9.11-1.redhat_00002.1.el6ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el6ea | 0:2.3.5-5.SP3_redhat_00003.1.el6ea |
| redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el6ea | 0:3.0.17-2.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el6ea | 0:5.3.13-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el6ea | 0:1.4.18-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el6ea | 0:2.0.2-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el6ea | 0:1.4.11-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el6ea | 0:5.0.16-2.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el6ea | 0:1.3.1-6.Final_redhat_00006.1.el6ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el6ea | 0:3.7.6-2.SP1_redhat_00001.1.el6ea |
| redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el6ea | 0:5.0.3-6.Final_redhat_00005.1.el6ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el6ea | 0:2.5.5-20.SP12_redhat_00009.1.el6ea |
| redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el6ea | 0:2.5.5-20.SP12_redhat_00009.1.el6ea |
| redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el6ea | 0:3.6.1-7.SP7_redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el6ea | 0:2.0.26-2.SP3_redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el6ea | 0:7.2.5-4.GA_redhat_00002.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el6ea | 0:1.6.5-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el6ea | 0:1.4.4-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el6ea | 0:1.0.17-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el6ea | 0:1.0.8-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el6ea | 0:1.0.5-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el7ea | 0:3.2.10-1.redhat_00001.1.el7ea |
| redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el7ea | 0:1.9.11-1.redhat_00002.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el7ea | 0:2.3.5-5.SP3_redhat_00003.1.el7ea |
| redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el7ea | 0:3.0.17-2.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el7ea | 0:5.3.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el7ea | 0:1.4.18-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el7ea | 0:2.0.2-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el7ea | 0:1.4.11-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el7ea | 0:5.0.16-2.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el7ea | 0:1.3.1-6.Final_redhat_00006.1.el7ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el7ea | 0:3.7.6-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el7ea | 0:5.0.3-6.Final_redhat_00005.1.el7ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el7ea | 0:2.5.5-20.SP12_redhat_00009.1.el7ea |
| redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el7ea | 0:2.5.5-20.SP12_redhat_00009.1.el7ea |
| redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el7ea | 0:3.6.1-7.SP7_redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el7ea | 0:2.0.26-2.SP3_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el7ea | 0:7.2.5-4.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el7ea | 0:1.6.5-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el7ea | 0:1.4.4-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el7ea | 0:1.0.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el7ea | 0:1.0.8-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el7ea | 0:1.0.5-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el8ea | 0:3.2.10-1.redhat_00001.1.el8ea |
| redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el8ea | 0:1.9.11-1.redhat_00002.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el8ea | 0:2.3.5-5.SP3_redhat_00003.1.el8ea |
| redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el8ea | 0:3.0.17-2.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el8ea | 0:5.3.13-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el8ea | 0:1.4.18-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el8ea | 0:2.0.2-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el8ea | 0:1.4.11-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el8ea | 0:5.0.16-2.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el8ea | 0:1.3.1-6.Final_redhat_00006.1.el8ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el8ea | 0:3.7.6-2.SP1_redhat_00001.1.el8ea |
| redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el8ea | 0:5.0.3-6.Final_redhat_00005.1.el8ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el8ea | 0:2.5.5-20.SP12_redhat_00009.1.el8ea |
| redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el8ea | 0:2.5.5-20.SP12_redhat_00009.1.el8ea |
| redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el8ea | 0:3.6.1-7.SP7_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el8ea | 0:2.0.26-2.SP3_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el8ea | 0:7.2.5-4.GA_redhat_00002.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el8ea | 0:1.6.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el8ea | 0:1.4.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el8ea | 0:1.0.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el8ea | 0:1.0.8-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el8ea | 0:1.0.5-1.redhat_00001.1.el8ea |
| redhat/skydive | <0:0.20.5-2.el7 | 0:0.20.5-2.el7 |
| redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el6 | 0:4.8.15-1.Final_redhat_00001.1.el6 |
| redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el7 | 0:4.8.15-1.Final_redhat_00001.1.el7 |
| redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el8 | 0:4.8.15-1.Final_redhat_00001.1.el8 |
| redhat/rh-nodejs10 | <0:3.2-3.el7 | 0:3.2-3.el7 |
| redhat/rh-nodejs10-nodejs | <0:10.16.3-3.el7 | 0:10.16.3-3.el7 |
| redhat/rh-nodejs8 | <0:3.0-5.el7 | 0:3.0-5.el7 |
| redhat/rh-nodejs8-nodejs | <0:8.16.1-2.el7 | 0:8.16.1-2.el7 |
| redhat/envoy | <1.11.1 | 1.11.1 |
| redhat/Nodejs | <8.16.1 | 8.16.1 |
| redhat/Nodejs | <10.16.3 | 10.16.3 |
| redhat/Nodejs | <12.8.1 | 12.8.1 |
| redhat/gRPC-Go | <1.21.3 | 1.21.3 |
| redhat/gRPC-Go | <1.22.2 | 1.22.2 |
| redhat/gRPC-Go | <1.23.0 | 1.23.0 |
| All of | ||
| Apple Swiftnio | >=1.0.0<=1.4.0 | |
| Any of | ||
| Apple Mac OS X | >=10.12 | |
| Canonical Ubuntu Linux | >=14.04 | |
| Apache Traffic Server | >=6.0.0<=6.2.3 | |
| Apache Traffic Server | >=7.0.0<=7.1.6 | |
| Apache Traffic Server | >=8.0.0<=8.0.3 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Synology DiskStation Manager | =6.2 | |
| Synology Skynas | ||
| All of | ||
| Synology Vs960hd Firmware | ||
| Synology Vs960hd | ||
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Redhat Jboss Core Services | =1.0 | |
| Redhat Jboss Enterprise Application Platform | =7.2.0 | |
| Redhat Jboss Enterprise Application Platform | =7.3.0 | |
| Redhat Openshift Container Platform | =4.1 | |
| Redhat Openshift Service Mesh | =1.0 | |
| Redhat Openstack | =14 | |
| Redhat Quay | =3.0.0 | |
| Redhat Single Sign-on | =7.3 | |
| Redhat Software Collections | =1.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Oracle GraalVM | =19.2.0 | |
| McAfee Web Gateway | >=7.7.2.0<7.7.2.24 | |
| McAfee Web Gateway | >=7.8.2.0<7.8.2.13 | |
| McAfee Web Gateway | >=8.1.0<8.2.0 | |
| F5 Big-ip Local Traffic Manager | >=11.6.1<11.6.5.1 | |
| F5 Big-ip Local Traffic Manager | >=12.1.0<12.1.5.1 | |
| F5 Big-ip Local Traffic Manager | >=13.1.0<13.1.3.2 | |
| F5 Big-ip Local Traffic Manager | >=14.0.0<14.0.1.1 | |
| F5 Big-ip Local Traffic Manager | >=14.1.0<14.1.2.1 | |
| F5 Big-ip Local Traffic Manager | >=15.0.0<15.0.1.1 | |
| Nodejs Node.js | >=8.0.0<=8.8.1 | |
| Nodejs Node.js | >=8.9.0<8.16.1 | |
| Nodejs Node.js | >=10.0.0<=10.12.0 | |
| Nodejs Node.js | >=10.13.0<10.16.3 | |
| Nodejs Node.js | >=12.0.0<12.8.1 | |
| Apple Swiftnio | >=1.0.0<=1.4.0 | |
| Apple Mac OS X | >=10.12 | |
| Canonical Ubuntu Linux | >=14.04 | |
| Synology Vs960hd Firmware | ||
| Synology Vs960hd | ||
| debian/h2o | 2.2.5+dfsg2-2+deb10u1 2.2.5+dfsg2-2+deb10u2 2.2.5+dfsg2-6 2.2.5+dfsg2-7 2.2.5+dfsg2-8 2.2.5+dfsg2-8.1 | |
| debian/trafficserver | 8.0.2+ds-1+deb10u6 8.1.7-0+deb10u4 8.1.9+ds-1~deb11u1 8.1.10+ds-1~deb11u1 9.2.3+ds-1+deb12u1 9.2.4+ds-0+deb12u1 9.2.4+ds-2 | |
| ubuntu/h2o | <2.2.5+dfsg2-2+ | 2.2.5+dfsg2-2+ |
| ubuntu/h2o | <2.2.5+dfsg2-3 | 2.2.5+dfsg2-3 |
| ubuntu/netty | <1:4.1.7-4ubuntu0.1+ | 1:4.1.7-4ubuntu0.1+ |
| ubuntu/twisted | <17.9.0-2ubuntu0.1 | 17.9.0-2ubuntu0.1 |
| ubuntu/twisted | <18.9.0-3ubuntu1.1 | 18.9.0-3ubuntu1.1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
| ubuntu/twisted | <19.10.0 | 19.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-9515 https://nvd.nist.gov/vuln/detail/CVE-2019-9515 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1735745
- https://access.redhat.com/errata/RHSA-2020:0922
- https://access.redhat.com/errata/RHSA-2020:1445
- https://access.redhat.com/errata/RHSA-2020:3196
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:4352
- https://access.redhat.com/errata/RHSA-2020:0727
- https://access.redhat.com/errata/RHSA-2019:4021
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2020:2565
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2020:0983
- https://access.redhat.com/errata/RHSA-2019:2766
- https://access.redhat.com/errata/RHSA-2019:2861
- https://access.redhat.com/errata/RHSA-2019:2796
- https://access.redhat.com/errata/RHSA-2020:3197
- https://access.redhat.com/errata/RHSA-2019:4045
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4041
- https://access.redhat.com/errata/RHSA-2019:4042
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2020:2067
- https://access.redhat.com/security/cve/cve-2019-9515
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://kb.cert.org/vuls/id/605641/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://seclists.org/bugtraq/2019/Aug/24
- https://seclists.org/bugtraq/2019/Aug/43
- https://seclists.org/bugtraq/2019/Sep/18
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://support.f5.com/csp/article/K50233772
- https://support.f5.com/csp/article/K50233772?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4308-1/
- https://www.debian.org/security/2019/dsa-4508
- https://www.debian.org/security/2019/dsa-4520
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://support.f5.com/csp/article/K50233772?utm_source=f5support&amp;utm_medium=RSS
- https://launchpad.net/bugs/cve/CVE-2019-9515
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://support.f5.com/csp/article/K50233772?utm_source=f5support&%3Butm_medium=RSS
- https://istio.io/blog/2019/announcing-1.2.4/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1742333
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1742332
- https://github.com/nodejs/node/commit/74507fae34
- https://github.com/nodejs/node/commit/0acbe05ee2
- https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
- https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1748604
- https://netty.io/news/2019/08/13/4-1-39-Final.html
- https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
- https://github.com/h2o/h2o/issues/2090
- https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
- https://security-tracker.debian.org/tracker/CVE-2019-9515
- http://blog.kazuhooku.com/2019/08/h2o-version-226-230-beta2-released.html
- https://github.com/netty/netty/pull/9460
- https://labs.twistedmatrix.com/2019/11/twisted-19100-released.html
- https://ubuntu.com/security/notices/USN-4308-1
- https://ubuntu.com/security/notices/USN-4866-1
- https://www.cve.org/CVERecord?id=CVE-2019-9515
- https://nvd.nist.gov/vuln/detail/CVE-2019-9515
- https://github.com/twisted/twisted/commit/1595d9adc21c580065d1d6036c9611c411990816
- https://ubuntu.com/security/CVE-2019-9515
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2020:0922
- RHSA-2020:1445
- RHSA-2020:3196
- RHSA-2019:2925
- RHSA-2019:4352
- RHSA-2020:0727
- RHSA-2019:4021
- RHSA-2019:4018
- RHSA-2019:4019
- RHSA-2019:4020
- RHSA-2020:2565
- RHSA-2019:3892
- RHSA-2020:0983
- RHSA-2019:2766
- RHSA-2019:2861
- RHSA-2019:2796
- RHSA-2020:3197
- RHSA-2019:4045
- RHSA-2019:4040
- RHSA-2019:4041
- RHSA-2019:4042
- RHSA-2019:2939
- RHSA-2019:2955
- RHSA-2020:2067
- USN-4308-1
- USN-4866-1
- collector/redhat-cve
- agent/type
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-9515
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/description
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian
- vendor/apple
- canonical/apple swiftnio
- version/apple swiftnio/1.0.0
- version/apple swiftnio/1.4.0
- canonical/apple mac os x
- version/apple mac os x/10.12
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- vendor/apache
- canonical/apache traffic server
- version/apache traffic server/6.0.0
- version/apache traffic server/6.2.3
- version/apache traffic server/7.0.0
- version/apache traffic server/7.1.6
- version/apache traffic server/8.0.0
- version/apache traffic server/8.0.3
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/synology
- canonical/synology diskstation manager
- version/synology diskstation manager/6.2
- canonical/synology skynas
- canonical/synology vs960hd firmware
- canonical/synology vs960hd
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/redhat
- canonical/redhat jboss core services
- version/redhat jboss core services/1.0
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.2.0
- version/redhat jboss enterprise application platform/7.3.0
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.1
- canonical/redhat openshift service mesh
- version/redhat openshift service mesh/1.0
- canonical/redhat openstack
- version/redhat openstack/14
- canonical/redhat quay
- version/redhat quay/3.0.0
- canonical/redhat single sign-on
- version/redhat single sign-on/7.3
- canonical/redhat software collections
- version/redhat software collections/1.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/19.2.0
- vendor/mcafee
- canonical/mcafee web gateway
- version/mcafee web gateway/7.7.2.0
- version/mcafee web gateway/7.8.2.0
- version/mcafee web gateway/8.1.0
- vendor/f5
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/11.6.1
- version/f5 big-ip local traffic manager/12.1.0
- version/f5 big-ip local traffic manager/13.1.0
- version/f5 big-ip local traffic manager/14.0.0
- version/f5 big-ip local traffic manager/14.1.0
- version/f5 big-ip local traffic manager/15.0.0
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/8.0.0
- version/nodejs node.js/8.8.1
- version/nodejs node.js/8.9.0
- version/nodejs node.js/10.0.0
- version/nodejs node.js/10.12.0
- version/nodejs node.js/10.13.0
- version/nodejs node.js/12.0.0