Just wondering on expected release for signature for this Vulnerability?
CVE-2019-9511 till CVE-2019-9518 capable of DoS attack. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Refer- https://www.kb.cert.org/vuls/id/605641/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
Thanks and regards
... View more
Yes, if virtual system (vsys) configuration is not enabled on your firewall or appliance, you must upgarde to 7.0.1 or 7.0.2 first before moving to later versions.
To upgrade from 6.1.x to 7.0.x (e.g.7.0.5-h2) please follow the following procedure, 6.1.x -> 7.0.1/7.0.2 -> 7.0.x ( e.g.7.0.5-h2) Upgrade to 7.0.1 or 7.0.2 first and then only upgrade to 7.0.x ( e.g.7.0.5-h2) - Download the base image for 7.0 version. Either install the base image or download and install 7.0.2. After the install, reboot the device. - Download and install 7.0.x and then again perform reboot to bring the device up with the latest PAN-OS.
Hope this helps.
... View more