漏洞信息详情
HTTP/2 资源管理错误漏洞
- CNNVD编号:CNNVD-201908-932
- 危害等级: 高危
- CVE编号: CVE-2019-9515
- 漏洞类型: 资源管理错误
- 发布时间: 2019-08-13
- 威胁类型: 远程
- 更新时间: 2022-07-22
- 厂 商:
- 漏洞来源: Ubuntu,Debian,Red ...
漏洞简介
HTTP/2是超文本传输协议的第二版,主要用于保证客户机与服务器之间的通信。
HTTP/2中存在资源管理错误漏洞。攻击者可利用该漏洞导致拒绝服务。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://http2.github.io/
参考网址
来源:MLIST
链接:https://lists.apache.org/thread.HTML/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/Aug/24
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/Sep/18
来源:CONFIRM
链接:https://support.f5.com/csp/article/K50233772?utm_source=f5support&utm_medium=RSS
来源:CONFIRM
链接:https://kc.mcafee.com/corporate/index?page=content&id=SB10296
来源:lists.apache.org
链接:https://lists.apache.org/thread.HTML/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
来源:lists.apache.org
链接:https://lists.apache.org/thread.HTML/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
来源:kb.cert.org
链接:https://kb.cert.org/vuls/id/605641/
来源:github.com
链接:https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
来源:CONFIRM
链接:https://www.synology.com/security/advisory/Synology_SA_19_33
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2939
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0727
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2955
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4018
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4019
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/Aug/43
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2861
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4021
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4045
来源:FULLDISC
链接:http://seclists.org/fulldisclosure/2019/Aug/16
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4040
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.HTML
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4041
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4020
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4042
来源:UBUNTU
链接:https://usn.ubuntu.com/4308-1/
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.HTML
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4520
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4508
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190823-0005/
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2925
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2766
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2796
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4352
来源:http2-cves
链接:http2-cves/
来源:www.cloudfoundry.org
链接:https://www.cloudfoundry.org/blog/various-
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
来源:cve.mitre.org
链接:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4045
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4042
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4041
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4040
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4021
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4020
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4018
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4019
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.HTML
来源:support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/en-au/HT210436
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.HTML
来源:www.debian.org
链接:https://www.debian.org/security/2019/dsa-4508
来源:support.f5.com
链接:https://support.f5.com/csp/article/K50233772
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1126605
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1104951
来源:www.us-cert.gov
链接:https://www.us-cert.gov/ics/advisories/icsa-19-346-01
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1109787
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1109781
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1108515
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1109775
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1165894
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1165906
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1135167
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1164346
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1164364
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.HTML
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4352
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1128387
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157214/Red-Hat-Security-Advisory-2020-1445-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4788/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4586/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0994/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4332/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0643/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4484/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1143454
来源:http2-implementation-vulnerablility
链接:http2-implementation-vulnerablility/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155728/Red-Hat-Security-Advisory-2019-4352-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2619/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3227/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3114/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3299/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1335/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3597.3/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158095/Red-Hat-Security-Advisory-2020-2565-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1071852
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4737/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156830/Ubuntu-Security-Notice-USN-4308-1.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0832/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1137466
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/HTTP-2-multiple-vulnerabilities-30040
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155484/Red-Hat-Security-Advisory-2019-4019-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1076/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3325/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156628/Red-Hat-Security-Advisory-2020-0727-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2071/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1127397
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4645/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3597.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4665/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/
来源:pivotal.io
链接:https://pivotal.io/security/cve-2019-9517
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4596/
来源:support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:https://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/en-us/HT210436
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155520/Red-Hat-Security-Advisory-2019-4045-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156852/Red-Hat-Security-Advisory-2020-0922-01.HTML
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-9515
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156941/Red-Hat-Security-Advisory-2020-0983-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1766/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022072128
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/154222/Debian-Security-Advisory-4508-1.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158651/Red-Hat-Security-Advisory-2020-3197-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4533/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1150960
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0100/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1167160
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0007/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4238/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155352/Red-Hat-Security-Advisory-2019-3892-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1165852
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1030/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1127853
受影响实体
暂无
补丁
- HTTP/2实现安全漏洞的修复措施
评论