CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Reply
L2 Linker

CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Hi,

Just wondering on expected release for signature for this Vulnerability?

 

CVE-2019-9511 till CVE-2019-9518 capable of DoS attack. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

 

Refer-
https://www.kb.cert.org/vuls/id/605641/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

 

Thanks and regards

Apoorva

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!