First published: Thu Aug 01 2019
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Credit: cret@cert.org
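As an added example (not code from the advisory or from any of the projects listed below), a receiver-side HTTP/2 frame parser and SETTINGS-rate guard in Python illustrates the mechanism described above: every non-ACK SETTINGS frame obliges the receiver to queue an acknowledgement, so bounding the rate of such frames per connection bounds the CPU and memory a peer can force. The per-window limit, the GOAWAY error code choice and the sample traffic are assumptions constructed for illustration.

```python
# Added example: receiver-side guard against an HTTP/2 SETTINGS flood (RFC 7540 s4.1 frame layout).
from collections import deque

FRAME_HEADER_LEN = 9
TYPE_SETTINGS = 0x4
FLAG_ACK = 0x1
ERR_ENHANCE_YOUR_CALM = 0xB  # GOAWAY error code for excessive peer load

def iter_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) for each complete frame in data."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")   # 24-bit payload length
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated frame: wait for more bytes
        yield ftype, flags, stream_id, payload
        off += FRAME_HEADER_LEN + length

class SettingsFloodGuard:
    """Cap non-ACK SETTINGS frames per sliding window (limit values are hypothetical)."""
    def __init__(self, max_per_window: int = 10, window_seconds: float = 1.0):
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.arrivals = deque()  # timestamps of counted SETTINGS frames

    def observe(self, ftype: int, flags: int, now: float):
        """Return the GOAWAY error code to send, or None while within budget."""
        if ftype != TYPE_SETTINGS or flags & FLAG_ACK:
            return None  # ACKs cost nothing to receive; other frame types are out of scope
        self.arrivals.append(now)
        while now - self.arrivals[0] > self.window:  # drop arrivals outside the window
            self.arrivals.popleft()
        return ERR_ENHANCE_YOUR_CALM if len(self.arrivals) > self.max_per_window else None

def first_violation(data: bytes, guard: SettingsFloodGuard, now: float = 0.0):
    """1-based index of the frame that trips the guard, or None (all frames read at 'now')."""
    for idx, (ftype, flags, _sid, _payload) in enumerate(iter_frames(data), start=1):
        if guard.observe(ftype, flags, now) is not None:
            return idx
    return None

# Constructed sample traffic: an empty SETTINGS frame is just the 9-byte header.
EMPTY_SETTINGS = bytes([0, 0, 0, TYPE_SETTINGS, 0, 0, 0, 0, 0])
SETTINGS_ACK = bytes([0, 0, 0, TYPE_SETTINGS, FLAG_ACK, 0, 0, 0, 0])
FLOOD = EMPTY_SETTINGS * 25                   # trips a limit of 10 at frame 11
BENIGN = EMPTY_SETTINGS + SETTINGS_ACK * 25   # ACKs are never counted
```

A real server would send GOAWAY with the returned code and close the connection; the guard only decides when that point is reached.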
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el6ea | 0:3.2.10-1.redhat_00001.1.el6ea |
redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el6ea | 0:1.9.11-1.redhat_00002.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el6ea | 0:2.3.5-5.SP3_redhat_00003.1.el6ea |
redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el6ea | 0:3.0.17-2.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el6ea | 0:5.3.13-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el6ea | 0:1.4.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el6ea | 0:2.0.2-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el6ea | 0:1.4.11-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el6ea | 0:5.0.16-2.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el6ea | 0:1.3.1-6.Final_redhat_00006.1.el6ea |
redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el6ea | 0:3.7.6-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el6ea | 0:5.0.3-6.Final_redhat_00005.1.el6ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el6ea | 0:2.5.5-20.SP12_redhat_00009.1.el6ea |
redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el6ea | 0:2.5.5-20.SP12_redhat_00009.1.el6ea |
redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el6ea | 0:3.6.1-7.SP7_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el6ea | 0:2.0.26-2.SP3_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el6ea | 0:7.2.5-4.GA_redhat_00002.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el6ea | 0:1.6.5-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el6ea | 0:1.4.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el6ea | 0:1.0.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el6ea | 0:1.0.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el6ea | 0:1.0.5-1.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el7ea | 0:3.2.10-1.redhat_00001.1.el7ea |
redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el7ea | 0:1.9.11-1.redhat_00002.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el7ea | 0:2.3.5-5.SP3_redhat_00003.1.el7ea |
redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el7ea | 0:3.0.17-2.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el7ea | 0:5.3.13-1.Final_redhat_00001.1.el7ea |
redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el7ea | 0:1.4.18-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el7ea | 0:2.0.2-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el7ea | 0:1.4.11-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el7ea | 0:5.0.16-2.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el7ea | 0:1.3.1-6.Final_redhat_00006.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el7ea | 0:3.7.6-2.SP1_redhat_00001.1.el7ea |
redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el7ea | 0:5.0.3-6.Final_redhat_00005.1.el7ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el7ea | 0:2.5.5-20.SP12_redhat_00009.1.el7ea |
redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el7ea | 0:2.5.5-20.SP12_redhat_00009.1.el7ea |
redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el7ea | 0:3.6.1-7.SP7_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el7ea | 0:2.0.26-2.SP3_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el7ea | 0:7.2.5-4.GA_redhat_00002.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el7ea | 0:1.6.5-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el7ea | 0:1.4.4-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el7ea | 0:1.0.17-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el7ea | 0:1.0.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el7ea | 0:1.0.5-1.redhat_00001.1.el7ea |
redhat/eap7-apache-cxf | <0:3.2.10-1.redhat_00001.1.el8ea | 0:3.2.10-1.redhat_00001.1.el8ea |
redhat/eap7-byte-buddy | <0:1.9.11-1.redhat_00002.1.el8ea | 0:1.9.11-1.redhat_00002.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.5-5.SP3_redhat_00003.1.el8ea | 0:2.3.5-5.SP3_redhat_00003.1.el8ea |
redhat/eap7-hal-console | <0:3.0.17-2.Final_redhat_00001.1.el8ea | 0:3.0.17-2.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.13-1.Final_redhat_00001.1.el8ea | 0:5.3.13-1.Final_redhat_00001.1.el8ea |
redhat/eap7-ironjacamar | <0:1.4.18-1.Final_redhat_00001.1.el8ea | 0:1.4.18-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-genericjms | <0:2.0.2-1.Final_redhat_00001.1.el8ea | 0:2.0.2-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-msc | <0:1.4.11-1.Final_redhat_00001.1.el8ea | 0:1.4.11-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.16-2.Final_redhat_00001.1.el8ea | 0:5.0.16-2.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.3.1-6.Final_redhat_00006.1.el8ea | 0:1.3.1-6.Final_redhat_00006.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.7.6-2.SP1_redhat_00001.1.el8ea | 0:3.7.6-2.SP1_redhat_00001.1.el8ea |
redhat/eap7-picketbox | <0:5.0.3-6.Final_redhat_00005.1.el8ea | 0:5.0.3-6.Final_redhat_00005.1.el8ea |
redhat/eap7-picketlink-bindings | <0:2.5.5-20.SP12_redhat_00009.1.el8ea | 0:2.5.5-20.SP12_redhat_00009.1.el8ea |
redhat/eap7-picketlink-federation | <0:2.5.5-20.SP12_redhat_00009.1.el8ea | 0:2.5.5-20.SP12_redhat_00009.1.el8ea |
redhat/eap7-resteasy | <0:3.6.1-7.SP7_redhat_00001.1.el8ea | 0:3.6.1-7.SP7_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.26-2.SP3_redhat_00001.1.el8ea | 0:2.0.26-2.SP3_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.2.5-4.GA_redhat_00002.1.el8ea | 0:7.2.5-4.GA_redhat_00002.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.6.5-1.Final_redhat_00001.1.el8ea | 0:1.6.5-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron-tool | <0:1.4.4-1.Final_redhat_00001.1.el8ea | 0:1.4.4-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.17-1.Final_redhat_00001.1.el8ea | 0:1.0.17-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-openssl | <0:1.0.8-1.Final_redhat_00001.1.el8ea | 0:1.0.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-yasson | <0:1.0.5-1.redhat_00001.1.el8ea | 0:1.0.5-1.redhat_00001.1.el8ea |
redhat/skydive | <0:0.20.5-2.el7 | 0:0.20.5-2.el7 |
redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el6 | 0:4.8.15-1.Final_redhat_00001.1.el6 |
redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el7 | 0:4.8.15-1.Final_redhat_00001.1.el7 |
redhat/rh-sso7-keycloak | <0:4.8.15-1.Final_redhat_00001.1.el8 | 0:4.8.15-1.Final_redhat_00001.1.el8 |
redhat/rh-nodejs10 | <0:3.2-3.el7 | 0:3.2-3.el7 |
redhat/rh-nodejs10-nodejs | <0:10.16.3-3.el7 | 0:10.16.3-3.el7 |
redhat/rh-nodejs8 | <0:3.0-5.el7 | 0:3.0-5.el7 |
redhat/rh-nodejs8-nodejs | <0:8.16.1-2.el7 | 0:8.16.1-2.el7 |
redhat/envoy | <1.11.1 | 1.11.1 |
redhat/Nodejs | <8.16.1 | 8.16.1 |
redhat/Nodejs | <10.16.3 | 10.16.3 |
redhat/Nodejs | <12.8.1 | 12.8.1 |
redhat/gRPC-Go | <1.21.3 | 1.21.3 |
redhat/gRPC-Go | <1.22.2 | 1.22.2 |
redhat/gRPC-Go | <1.23.0 | 1.23.0 |
All of | ||
Apple Swiftnio | >=1.0.0<=1.4.0 | |
Any of | ||
Apple Mac OS X | >=10.12 | |
Canonical Ubuntu Linux | >=14.04 | |
Apache Traffic Server | >=6.0.0<=6.2.3 | |
Apache Traffic Server | >=7.0.0<=7.1.6 | |
Apache Traffic Server | >=8.0.0<=8.0.3 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Synology DiskStation Manager | =6.2 | |
Synology Skynas | ||
All of | ||
Synology Vs960hd Firmware | ||
Synology Vs960hd | ||
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Redhat Jboss Core Services | =1.0 | |
Redhat Jboss Enterprise Application Platform | =7.2.0 | |
Redhat Jboss Enterprise Application Platform | =7.3.0 | |
Redhat Openshift Container Platform | =4.1 | |
Redhat Openshift Service Mesh | =1.0 | |
Redhat Openstack | =14 | |
Redhat Quay | =3.0.0 | |
Redhat Single Sign-on | =7.3 | |
Redhat Software Collections | =1.0 | |
Redhat Enterprise Linux | =8.0 | |
Oracle GraalVM | =19.2.0 | |
McAfee Web Gateway | >=7.7.2.0<7.7.2.24 | |
McAfee Web Gateway | >=7.8.2.0<7.8.2.13 | |
McAfee Web Gateway | >=8.1.0<8.2.0 | |
F5 Big-ip Local Traffic Manager | >=11.6.1<11.6.5.1 | |
F5 Big-ip Local Traffic Manager | >=12.1.0<12.1.5.1 | |
F5 Big-ip Local Traffic Manager | >=13.1.0<13.1.3.2 | |
F5 Big-ip Local Traffic Manager | >=14.0.0<14.0.1.1 | |
F5 Big-ip Local Traffic Manager | >=14.1.0<14.1.2.1 | |
F5 Big-ip Local Traffic Manager | >=15.0.0<15.0.1.1 | |
Nodejs Node.js | >=8.0.0<=8.8.1 | |
Nodejs Node.js | >=8.9.0<8.16.1 | |
Nodejs Node.js | >=10.0.0<=10.12.0 | |
Nodejs Node.js | >=10.13.0<10.16.3 | |
Nodejs Node.js | >=12.0.0<12.8.1 | |
Apple Swiftnio | >=1.0.0<=1.4.0 | |
Apple Mac OS X | >=10.12 | |
Canonical Ubuntu Linux | >=14.04 | |
Synology Vs960hd Firmware | ||
Synology Vs960hd | ||
debian/h2o | 2.2.5+dfsg2-2+deb10u1 2.2.5+dfsg2-2+deb10u2 2.2.5+dfsg2-6 2.2.5+dfsg2-7 2.2.5+dfsg2-8 2.2.5+dfsg2-8.1 | |
debian/trafficserver | 8.0.2+ds-1+deb10u6 8.1.7-0+deb10u4 8.1.9+ds-1~deb11u1 8.1.10+ds-1~deb11u1 9.2.3+ds-1+deb12u1 9.2.4+ds-0+deb12u1 9.2.4+ds-2 | |
ubuntu/h2o | <2.2.5+dfsg2-2+ | 2.2.5+dfsg2-2+ |
ubuntu/h2o | <2.2.5+dfsg2-3 | 2.2.5+dfsg2-3 |
ubuntu/netty | <1:4.1.7-4ubuntu0.1+ | 1:4.1.7-4ubuntu0.1+ |
ubuntu/twisted | <17.9.0-2ubuntu0.1 | 17.9.0-2ubuntu0.1 |
ubuntu/twisted | <18.9.0-3ubuntu1.1 | 18.9.0-3ubuntu1.1 |
ubuntu/twisted | <18.9.0-6ubuntu1 | 18.9.0-6ubuntu1 |
ubuntu/twisted | <19.10.0 | 19.10.0 |