Resolution for HTTP/2 Denial of Service vulnerabilities CVE-2019-9511 through CVE-2019-9518

Solution In Progress - Updated -

Issue

  • HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
  • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
  • HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
  • HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
  • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
  • HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

Environment

  • Red Hat Ansible Tower 3 for RHEL 7
  • Red Hat Ceph Storage 2
  • Red Hat Ceph Storage 3
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Gluster Storage 3
  • Red Hat JBoss A-MQ 7
  • Red Hat JBoss Core Services 1
  • Red Hat JBoss Data Grid 7
  • Red Hat JBoss Data Virtualization 6
  • Red Hat JBoss Fuse 6
  • Red Hat JBoss Fuse 7
  • Red Hat JBoss Web Server 3.0
  • Red Hat JBoss Web Server 5
  • Red Hat OpenShift Application Runtimes 1.0
  • Red Hat OpenShift Container Platform 3.10
  • Red Hat OpenShift Container Platform 3.11
  • Red Hat OpenShift Container Platform 3.9
  • Red Hat OpenShift Container Platform 4.1
  • Red Hat OpenStack Platform 9.0 Operational Tools for RHEL 7
  • Red Hat Single Sign-On 7
  • Red Hat Software Collections for Red Hat Enterprise Linux
  • atomic-openshift, golang, grafana, heketi, httpd, httpd24-httpd, httpd24-nghttp2, httpd:2.4/httpd, httpd:2.4/mod_http2, netty, nghttp2, nginx, nginx:1.14/nginx, nodejs, nodejs:10/nodejs, openshift, rh-nginx110-nginx, rh-nginx112-nginx, rh-nginx114-nginx, rh-nodejs10-nodejs, rh-nodejs8-nodejs, rhoar-nodejs
