CVE-2019-9516 -- nginxID: oval:org.secpod.oval:def:58064 | Date: (C)2019-10-10 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
This sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a Denial-of-Service. Also known as "HTTP/20-Length Headers Leak".
Platform: |
Ubuntu 16.04 |
Ubuntu 18.04 |