CVE-2019-9517

7.8

HIGH CVSS 2.0

Apache HTTP/2 Unconstrained Internal Data Buffering Denial of Service Vulnerability

Description

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

INFO

Published Date :

Aug. 13, 2019, 9:15 p.m.

Last Modified :

Jan. 14, 2025, 7:29 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2019-9517 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Redhat	enterprise_linux
2	Redhat	software_collections
3	Redhat	jboss_enterprise_application_platform
4	Redhat	jboss_core_services
5	Redhat	openshift_service_mesh
6	Redhat	quay
1	Synology	diskstation_manager
2	Synology	vs960hd_firmware
3	Synology	skynas
4	Synology	diskstation_manager
5	Synology	vs960hd
1	Oracle	retail_xstore_point_of_service
2	Oracle	communications_element_manager
3	Oracle	instantis_enterprisetrack
4	Oracle	graalvm
1	Apache	traffic_server
2	Apache	http_server
1	Apple	mac_os_x
2	Apple	swiftnio
1	Canonical	ubuntu_linux
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Opensuse	leap
1	Netapp	clustered_data_ontap
1	Nodejs	node.js
1	Mcafee	web_gateway

: Total Affected Vendor : 12 | Products : 26

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Version	Severity	Source
CVSS 2.0	HIGH	[email protected]
CVSS 3.0	HIGH	[email protected]
CVSS 3.1	HIGH	[email protected]

Solution

This vulnerability allows for a denial of service. To remediate, update the affected packages and upgrade Apache.

Update the affected packages.
Update Apache to version 2.4.41 or later.

Public PoC/Exploit Available at Github

CVE-2019-9517 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-9517.

URL	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/15/7	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2893	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2946	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2949	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2950	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3932	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3935	Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Third Party Advisory
https://kb.cert.org/vuls/id/605641/	Third Party Advisory US Government Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10296	Third Party Advisory
https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
https://seclists.org/bugtraq/2019/Aug/47	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201909-04	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0003/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0003/	Third Party Advisory
https://support.f5.com/csp/article/K02591030	Third Party Advisory
https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4113-1/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4509	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/15/7	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2893	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2946	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2949	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2950	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3932	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3935	Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Third Party Advisory
https://kb.cert.org/vuls/id/605641/	Third Party Advisory US Government Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10296	Third Party Advisory
https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
https://seclists.org/bugtraq/2019/Aug/47	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201909-04	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0003/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0003/	Third Party Advisory
https://support.f5.com/csp/article/K02591030	Third Party Advisory
https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4113-1/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4509	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33	Third Party Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-9517 is associated with the following CWEs:

CWE-400: Uncontrolled Resource Consumption

CWE-770: Allocation of Resources Without Limits or Throttling

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-9517 weaknesses.

CAPEC-147: XML Ping of the Death XML Ping of the Death CAPEC-227: Sustained Client Engagement Sustained Client Engagement CAPEC-492: Regular Expression Exponential Blowup Regular Expression Exponential Blowup CAPEC-125: Flooding Flooding CAPEC-130: Excessive Allocation Excessive Allocation CAPEC-147: XML Ping of the Death XML Ping of the Death CAPEC-197: Exponential Data Expansion Exponential Data Expansion CAPEC-229: Serialized Data Parameter Blowup Serialized Data Parameter Blowup CAPEC-230: Serialized Data with Nested Payloads Serialized Data with Nested Payloads CAPEC-231: Oversized Serialized Data Payloads Oversized Serialized Data Payloads CAPEC-469: HTTP DoS HTTP DoS CAPEC-482: TCP Flood TCP Flood CAPEC-486: UDP Flood UDP Flood CAPEC-487: ICMP Flood ICMP Flood CAPEC-488: HTTP Flood HTTP Flood CAPEC-489: SSL Flood SSL Flood CAPEC-490: Amplification Amplification CAPEC-491: Quadratic Data Expansion Quadratic Data Expansion CAPEC-493: SOAP Array Blowup SOAP Array Blowup CAPEC-494: TCP Fragmentation TCP Fragmentation CAPEC-495: UDP Fragmentation UDP Fragmentation CAPEC-496: ICMP Fragmentation ICMP Fragmentation CAPEC-528: XML Flood XML Flood

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

M0rPH3U53/Massap

Accélération de la vitesse de scan de ports en combinant Nmap & Masscan

Shell

Updated: 6 months, 2 weeks ago

0 stars 0 fork 0 watcher

Born at : Feb. 3, 2025, 9:11 p.m. This repo has been linked 67 different CVEs too.

florentvinai/CompteRendu-CTF-Mordor

Compte rendu ctf mordor fait dans le cadre de INF805

Updated: 1 year, 5 months ago

0 stars 0 fork 0 watcher

Born at : March 16, 2024, 8:05 p.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-9517 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2019-9517 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CPE Deprecation Remap by [email protected]

Jan. 14, 2025

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:synology:diskstation_manager:6.2:::::::	OR cpe:2.3:o:synology:diskstation_manager:6.2:::::::

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	New Value
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Added	Reference	http://www.openwall.com/lists/oss-security/2019/08/15/7
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2893
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2925
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2939
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2946
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2949
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2950
Added	Reference	https://access.redhat.com/errata/RHSA-2019:2955
Added	Reference	https://access.redhat.com/errata/RHSA-2019:3932
Added	Reference	https://access.redhat.com/errata/RHSA-2019:3933
Added	Reference	https://access.redhat.com/errata/RHSA-2019:3935
Added	Reference	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Added	Reference	https://kb.cert.org/vuls/id/605641/
Added	Reference	https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Added	Reference	https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Added	Reference	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Added	Reference	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
Added	Reference	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Added	Reference	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
Added	Reference	https://seclists.org/bugtraq/2019/Aug/47
Added	Reference	https://security.gentoo.org/glsa/201909-04
Added	Reference	https://security.netapp.com/advisory/ntap-20190823-0003/
Added	Reference	https://security.netapp.com/advisory/ntap-20190823-0005/
Added	Reference	https://security.netapp.com/advisory/ntap-20190905-0003/
Added	Reference	https://support.f5.com/csp/article/K02591030
Added	Reference	https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS
Added	Reference	https://usn.ubuntu.com/4113-1/
Added	Reference	https://www.debian.org/security/2019/dsa-4509
Added	Reference	https://www.oracle.com/security-alerts/cpuapr2020.html
Added	Reference	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Added	Reference	https://www.synology.com/security/advisory/Synology_SA_19_33

Action	Type	Old Value	New Value
Added	Reference		CERT/CC https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ [No types assigned]
Added	Reference		CERT/CC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ [No types assigned]
Added	Reference		CERT/CC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/ [No types assigned]
Added	Reference		CERT/CC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/ [No types assigned]
Added	Reference		CERT/CC https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Added	Reference		CERT/CC https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E [No types assigned]
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Removed	Reference	CERT/CC https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Removed	Reference	CERT/CC https://lists.fedoraproject.org/archives/list/[email protected]/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
Removed	Reference	CERT/CC https://lists.fedoraproject.org/archives/list/[email protected]/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
Removed	Reference	CERT/CC https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
Removed	Reference	CERT/CC https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E

Action	Type	Old Value	New Value
Changed	Reference Type	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Added	CPE Configuration		OR cpe:2.3:a:nodejs:node.js:::::-::: versions from (including) 8.0.0 up to (including) 8.8.1 cpe:2.3:a:nodejs:node.js:::::lts::: versions from (including) 8.9.0 up to (excluding) 8.16.1 cpe:2.3:a:nodejs:node.js:::::-::: versions from (including) 10.0.0 up to (including) 10.12.0 cpe:2.3:a:nodejs:node.js:::::lts::: versions from (including) 10.13.0 up to (excluding) 10.16.3 cpe:2.3:a:nodejs:node.js:::::-::: versions from (including) 12.0.0 up to (excluding) 12.8.1

Action	Type	Old Value	New Value
Removed	CVSS V3	NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html No Types Assigned	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html Mailing List, Third Party Advisory
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html No Types Assigned	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html Mailing List, Third Party Advisory
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html No Types Assigned	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html Mailing List, Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2893 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2893 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2925 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2925 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2939 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2939 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2946 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2946 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2949 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2949 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2950 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2950 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:2955 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:2955 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:3932 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:3932 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:3933 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:3933 Third Party Advisory
Changed	Reference Type	https://access.redhat.com/errata/RHSA-2019:3935 No Types Assigned	https://access.redhat.com/errata/RHSA-2019:3935 Third Party Advisory
Changed	Reference Type	https://kc.mcafee.com/corporate/index?page=content&id=SB10296 No Types Assigned	https://kc.mcafee.com/corporate/index?page=content&id=SB10296 Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ No Types Assigned	https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/[email protected]/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/ No Types Assigned	https://lists.fedoraproject.org/archives/list/[email protected]/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ No Types Assigned	https://lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ Mailing List, Third Party Advisory
Changed	Reference Type	https://lists.fedoraproject.org/archives/list/[email protected]/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/ No Types Assigned	https://lists.fedoraproject.org/archives/list/[email protected]/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/ Mailing List, Third Party Advisory
Changed	Reference Type	https://seclists.org/bugtraq/2019/Aug/47 No Types Assigned	https://seclists.org/bugtraq/2019/Aug/47 Mailing List, Third Party Advisory
Changed	Reference Type	https://security.gentoo.org/glsa/201909-04 No Types Assigned	https://security.gentoo.org/glsa/201909-04 Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20190823-0003/ No Types Assigned	https://security.netapp.com/advisory/ntap-20190823-0003/ Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20190823-0005/ No Types Assigned	https://security.netapp.com/advisory/ntap-20190823-0005/ Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20190905-0003/ No Types Assigned	https://security.netapp.com/advisory/ntap-20190905-0003/ Third Party Advisory
Changed	Reference Type	https://support.f5.com/csp/article/K02591030 Issue Tracking, Third Party Advisory	https://support.f5.com/csp/article/K02591030 Third Party Advisory
Changed	Reference Type	https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS No Types Assigned	https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS Third Party Advisory
Changed	Reference Type	https://usn.ubuntu.com/4113-1/ No Types Assigned	https://usn.ubuntu.com/4113-1/ Third Party Advisory
Changed	Reference Type	https://www.debian.org/security/2019/dsa-4509 No Types Assigned	https://www.debian.org/security/2019/dsa-4509 Third Party Advisory
Changed	Reference Type	https://www.oracle.com/security-alerts/cpuapr2020.html No Types Assigned	https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory
Changed	Reference Type	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html No Types Assigned	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Patch, Third Party Advisory
Removed	CWE	NIST CWE-400
Added	CWE		NIST CWE-770
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:9.0::::::: cpe:2.3:o:debian:debian_linux:10.0:::::::
Added	CPE Configuration		OR cpe:2.3:a:synology:diskstation_manager:6.2::::::: cpe:2.3:a:synology:skynas:-:::::::
Added	CPE Configuration		AND OR cpe:2.3:o:synology:vs960hd_firmware:-::::::: OR cpe:2.3:h:synology:vs960hd:-:::::::*
Added	CPE Configuration		OR cpe:2.3:o:fedoraproject:fedora:29::::::: cpe:2.3:o:fedoraproject:fedora:30:::::::
Added	CPE Configuration		OR cpe:2.3:o:opensuse:leap:15.0::::::: cpe:2.3:o:opensuse:leap:15.1:::::::
Added	CPE Configuration		OR cpe:2.3:a:redhat:jboss_core_services:1.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0::::::: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0::::::: cpe:2.3:a:redhat:openshift_service_mesh:1.0::::::: cpe:2.3:a:redhat:quay:3.0.0::::::: cpe:2.3:a:redhat:software_collections:1.0::::::: cpe:2.3:o:redhat:enterprise_linux:8.0:::::::
Added	CPE Configuration		OR cpe:2.3:a:oracle:communications_element_manager:8.0.0::::::: cpe:2.3:a:oracle:communications_element_manager:8.1.0::::::: cpe:2.3:a:oracle:communications_element_manager:8.1.1::::::: cpe:2.3:a:oracle:communications_element_manager:8.2.0::::::: cpe:2.3:a:oracle:graalvm:19.2.0::::enterprise:::* cpe:2.3:a:oracle:instantis_enterprisetrack::::::::* versions from (including) 17.1 up to (including) 17.3 cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::
Added	CPE Configuration		OR cpe:2.3:a:mcafee:web_gateway::::::::* versions from (including) 7.7.2.0 up to (excluding) 7.7.2.24 cpe:2.3:a:mcafee:web_gateway::::::::* versions from (including) 7.8.2.0 up to (excluding) 7.8.2.13 cpe:2.3:a:mcafee:web_gateway::::::::* versions from (including) 8.1.0 up to (excluding) 8.2.0
Added	CPE Configuration		OR cpe:2.3:a:netapp:clustered_data_ontap:-:::::::

Action	Type	New Value
Added	CVSS V3	CERT/CC AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added	Reference	https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS [No Types Assigned]
Added	CWE	CERT/CC CWE-400

Action	Type	Old Value	New Value
Added	CVSS V2		(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	http://www.openwall.com/lists/oss-security/2019/08/15/7 No Types Assigned	http://www.openwall.com/lists/oss-security/2019/08/15/7 Mailing List, Third Party Advisory
Changed	Reference Type	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md No Types Assigned	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md Third Party Advisory
Changed	Reference Type	https://kb.cert.org/vuls/id/605641/ No Types Assigned	https://kb.cert.org/vuls/id/605641/ Third Party Advisory, US Government Resource
Changed	Reference Type	https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E Issue Tracking, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E Issue Tracking, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E Issue Tracking, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E Issue Tracking, Third Party Advisory
Changed	Reference Type	https://support.f5.com/csp/article/K02591030 No Types Assigned	https://support.f5.com/csp/article/K02591030 Issue Tracking, Third Party Advisory
Changed	Reference Type	https://www.synology.com/security/advisory/Synology_SA_19_33 No Types Assigned	https://www.synology.com/security/advisory/Synology_SA_19_33 Third Party Advisory
Added	CWE		CWE-400
Added	CPE Configuration		AND OR cpe:2.3:a:apple:swiftnio::::::::* versions from (including) 1.0.0 up to (including) 1.4.0 OR cpe:2.3:o:apple:mac_os_x:::::::: versions from (including) 10.12 cpe:2.3:o:canonical:ubuntu_linux:::::::: versions from (including) 14.04
Added	CPE Configuration		OR cpe:2.3:a:apache:traffic_server::::::::* versions from (including) 6.0.0 up to (including) 6.2.3 cpe:2.3:a:apache:traffic_server::::::::* versions from (including) 7.0.0 up to (including) 7.1.6 cpe:2.3:a:apache:traffic_server::::::::* versions from (including) 8.0.0 up to (including) 8.0.3

CVE-2019-9517

Apache HTTP/2 Unconstrained Internal Data Buffering Denial of Service Vulnerability

Description

INFO

Aug. 13, 2019, 9:15 p.m.

Jan. 14, 2025, 7:29 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

Solution

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

M0rPH3U53/Massap

florentvinai/CompteRendu-CTF-Mordor

CPE Deprecation Remap by [email protected]

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CVE Modified by [email protected]

Reanalysis by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 7.5

Base CVSS Score: 7.5

Base CVSS Score: 7.8

Exploit Prediction

4.50 }} 2.91%

0.88694

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light