[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2019-9517 -- apache2

ID: oval:org.secpod.oval:def:58065Date: (C)2019-10-11   (M)2023-12-07
Class: VULNERABILITYFamily: unix




This opens the HTTP/2 window so the server can send without constraint; however, it leaves the TCP window closed so the server cannot actually write (many of) the bytes on the wire. The client could then send a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a Denial-of-Service. Also known as "HTTP2 Internal Data Buffering / Queue Filler".

Platform:
Ubuntu 18.04
Product:
apache2
Reference:
CVE-2019-9517
CVE    1
CVE-2019-9517
CPE    4
cpe:/o:ubuntu:ubuntu_linux:16.04
cpe:/a:apache:apache2
cpe:/o:ubuntu:ubuntu_linux:18.04
cpe:/o:ubuntu:ubuntu_linux:19.04
...

© SecPod Technologies