Resolution for HTTP/2 Denial of Service vulnerabilities CVE-2019-9511 through CVE-2019-9518
Issue
- HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
- HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
- HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
- HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
- HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
- HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
- HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
- HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
Environment
- Red Hat Ansible Tower 3 for RHEL 7
- Red Hat Ceph Storage 2
- Red Hat Ceph Storage 3
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Gluster Storage 3
- Red Hat JBoss A-MQ 7
- Red Hat JBoss Core Services 1
- Red Hat JBoss Data Grid 7
- Red Hat JBoss Data Virtualization 6
- Red Hat JBoss Fuse 6
- Red Hat JBoss Fuse 7
- Red Hat JBoss Web Server 3.0
- Red Hat JBoss Web Server 5
- Red Hat OpenShift Application Runtimes 1.0
- Red Hat OpenShift Container Platform 3.10
- Red Hat OpenShift Container Platform 3.11
- Red Hat OpenShift Container Platform 3.9
- Red Hat OpenShift Container Platform 4.1
- Red Hat OpenStack Platform 9.0 Operational Tools for RHEL 7
- Red Hat Single Sign-On 7
- Red Hat Software Collections for Red Hat Enterprise Linux
- atomic-openshift, golang, grafana, heketi, httpd, httpd24-httpd, httpd24-nghttp2, httpd:2.4/httpd, httpd:2.4/mod_http2, netty, nghttp2, nginx, nginx:1.14/nginx, nodejs, nodejs:10/nodejs, openshift, rh-nginx110-nginx, rh-nginx112-nginx, rh-nginx114-nginx, rh-nodejs10-nodejs, rh-nodejs8-nodejs, rhoar-nodejs