Resolution for HTTP/2 Denial of Service vulnerabilities CVE-2019-9511 through CVE-2019-9518

Solution In Progress - Updated -

Issue

  • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
  • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
  • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
  • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
  • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

Environment

  • Red Hat Ansible Tower 3 for RHEL 7
  • Red Hat Ceph Storage 2
  • Red Hat Ceph Storage 3
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Gluster Storage 3
  • Red Hat JBoss A-MQ 7
  • Red Hat JBoss Core Services 1
  • Red Hat JBoss Data Grid 7
  • Red Hat JBoss Data Virtualization 6
  • Red Hat JBoss Fuse 6
  • Red Hat JBoss Fuse 7
  • Red Hat JBoss Web Server 3.0
  • Red Hat JBoss Web Server 5
  • Red Hat OpenShift Application Runtimes 1.0
  • Red Hat OpenShift Container Platform 3.10
  • Red Hat OpenShift Container Platform 3.11
  • Red Hat OpenShift Container Platform 3.9
  • Red Hat OpenShift Container Platform 4.1
  • Red Hat OpenStack Platform 9.0 Operational Tools for RHEL 7
  • Red Hat Single Sign-On 7
  • Red Hat Software Collections for Red Hat Enterprise Linux
  • atomic-openshift, golang, grafana, heketi, httpd, httpd24-httpd, httpd24-nghttp2, httpd:2.4/httpd, httpd:2.4/mod_http2, netty, nghttp2, nginx, nginx:1.14/nginx, nodejs, nodejs:10/nodejs, openshift, rh-nginx110-nginx, rh-nginx112-nginx, rh-nginx114-nginx, rh-nodejs10-nodejs, rh-nodejs8-nodejs, rhoar-nodejs
