{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."}], "descriptions": [{"lang": "en", "value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T14:42:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#605641", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/605641/"}, {"name": "USN-4099-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4099-1/"}, {"name": "FEDORA-2019-befd924cfe", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"}, {"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/40"}, {"name": "FEDORA-2019-81985a8858", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"}, {"name": "DSA-4505", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4505"}, {"name": "FEDORA-2019-8a437d5c2f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"}, {"name": "FEDORA-2019-4427fd65be", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"}, {"name": "FEDORA-2019-63ba15cc83", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"}, {"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/1"}, {"name": "DSA-4511", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4511"}, {"name": "FEDORA-2019-7a0b45fdc4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"}, {"name": "RHSA-2019:2692", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2692"}, {"name": "openSUSE-SU-2019:2120", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"}, {"name": "openSUSE-SU-2019:2114", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"}, {"name": "openSUSE-SU-2019:2115", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"}, {"name": "RHSA-2019:2745", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2745"}, {"name": "RHSA-2019:2746", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2746"}, {"name": "RHSA-2019:2775", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2775"}, {"name": "RHSA-2019:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2799"}, {"name": "RHSA-2019:2925", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2925"}, {"name": "RHSA-2019:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2939"}, {"name": "RHSA-2019:2949", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2949"}, {"name": "openSUSE-SU-2019:2232", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"}, {"name": "openSUSE-SU-2019:2234", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"}, {"name": "RHSA-2019:2955", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2955"}, {"name": "RHSA-2019:2966", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2966"}, {"name": "openSUSE-SU-2019:2264", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"}, {"name": "RHSA-2019:3041", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3041"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4018", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4018"}, {"name": "RHSA-2019:4019", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4019"}, {"name": "RHSA-2019:4021", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4021"}, {"name": "RHSA-2019:4020", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4020"}, {"name": "DSA-4669", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4669"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K02591030"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "HTTP/2 Data Dribble", "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9511", "STATE": "PUBLIC", "TITLE": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "VU#605641", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/605641/"}, {"name": "USN-4099-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4099-1/"}, {"name": "FEDORA-2019-befd924cfe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"}, {"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/40"}, {"name": "FEDORA-2019-81985a8858", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"}, {"name": "DSA-4505", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4505"}, {"name": "FEDORA-2019-8a437d5c2f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"}, {"name": "FEDORA-2019-4427fd65be", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"}, {"name": "FEDORA-2019-63ba15cc83", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"}, {"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/1"}, {"name": "DSA-4511", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4511"}, {"name": "FEDORA-2019-7a0b45fdc4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"}, {"name": "RHSA-2019:2692", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2692"}, {"name": "openSUSE-SU-2019:2120", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"}, {"name": "openSUSE-SU-2019:2114", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"}, {"name": "openSUSE-SU-2019:2115", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"}, {"name": "RHSA-2019:2745", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2745"}, {"name": "RHSA-2019:2746", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2746"}, {"name": "RHSA-2019:2775", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2775"}, {"name": "RHSA-2019:2799", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2799"}, {"name": "RHSA-2019:2925", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2925"}, {"name": "RHSA-2019:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2939"}, {"name": "RHSA-2019:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2949"}, {"name": "openSUSE-SU-2019:2232", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"}, {"name": "openSUSE-SU-2019:2234", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"}, {"name": "RHSA-2019:2955", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2955"}, {"name": "RHSA-2019:2966", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2966"}, {"name": "openSUSE-SU-2019:2264", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"}, {"name": "RHSA-2019:3041", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3041"}, {"name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4018", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4018"}, {"name": "RHSA-2019:4019", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4019"}, {"name": "RHSA-2019:4021", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4021"}, {"name": "RHSA-2019:4020", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4020"}, {"name": "DSA-4669", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4669"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_33"}, {"name": "https://support.f5.com/csp/article/K02591030", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030"}, {"name": "https://security.netapp.com/advisory/ntap-20190823-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"}, {"name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296"}, {"name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:54:44.157Z"}, "title": "CVE Program Container", "references": [{"name": "VU#605641", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://kb.cert.org/vuls/id/605641/"}, {"name": "USN-4099-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4099-1/"}, {"name": "FEDORA-2019-befd924cfe", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"}, {"name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/40"}, {"name": "FEDORA-2019-81985a8858", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"}, {"name": "DSA-4505", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4505"}, {"name": "FEDORA-2019-8a437d5c2f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"}, {"name": "FEDORA-2019-4427fd65be", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"}, {"name": "FEDORA-2019-63ba15cc83", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"}, {"name": "20190902 [SECURITY] [DSA 4511-1] nghttp2 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/1"}, {"name": "DSA-4511", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4511"}, {"name": "FEDORA-2019-7a0b45fdc4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"}, {"name": "RHSA-2019:2692", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2692"}, {"name": "openSUSE-SU-2019:2120", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"}, {"name": "openSUSE-SU-2019:2114", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"}, {"name": "openSUSE-SU-2019:2115", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"}, {"name": "RHSA-2019:2745", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2745"}, {"name": "RHSA-2019:2746", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2746"}, {"name": "RHSA-2019:2775", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2775"}, {"name": "RHSA-2019:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2799"}, {"name": "RHSA-2019:2925", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2925"}, {"name": "RHSA-2019:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2939"}, {"name": "RHSA-2019:2949", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2949"}, {"name": "openSUSE-SU-2019:2232", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"}, {"name": "openSUSE-SU-2019:2234", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"}, {"name": "RHSA-2019:2955", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2955"}, {"name": "RHSA-2019:2966", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2966"}, {"name": "openSUSE-SU-2019:2264", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"}, {"name": "RHSA-2019:3041", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3041"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "RHSA-2019:4018", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4018"}, {"name": "RHSA-2019:4019", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4019"}, {"name": "RHSA-2019:4021", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4021"}, {"name": "RHSA-2019:4020", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4020"}, {"name": "DSA-4669", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4669"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K02591030"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2019-9511", "datePublished": "2019-08-13T20:50:59", "dateReserved": "2019-03-01T00:00:00", "dateUpdated": "2024-08-04T21:54:44.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A", "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C", "versionStartIncluding": "10.12", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622", "versionStartIncluding": "14.04", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA", "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE", "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E", "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "022A0BC6-2C70-406D-8D60-EC6F9F6A90CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C120C2F1-D50D-49CC-8E96-207ACCA49674", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "765E9856-2748-4A8B-91F5-A4DB3C8C547A", "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE6E66B1-3291-4E8E-93D6-30E9FDCF983E", "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "227104AD-396D-4ADD-87C7-C4CD5583DA04", "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "68DD813A-1BC4-45FB-A3C4-E1BCE5F82EC1", "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF1705D3-ABAB-477E-9572-7D4DBAB4E38B", "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "348EEE70-E114-4720-AAAF-E77DE5C9A2D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599", "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031", "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40", "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E", "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."}, {"lang": "es", "value": "Algunas implementaciones de HTTP / 2 son vulnerables a la manipulaci\u00f3n del tama\u00f1o de la ventana y la manipulaci\u00f3n de priorizaci\u00f3n de flujo, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante solicita una gran cantidad de datos de un recurso especificado a trav\u00e9s de m\u00faltiples flujos. Manipulan el tama\u00f1o de la ventana y la prioridad de transmisi\u00f3n para obligar al servidor a poner en cola los datos en fragmentos de 1 byte. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos."}], "id": "CVE-2019-9511", "lastModified": "2023-11-07T03:13:41.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cret@cert.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-13T21:15:12.223", "references": [{"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2692"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2745"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2746"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2775"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2799"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2925"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2939"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2949"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2955"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2966"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3041"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4018"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4019"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4020"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4021"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/605641/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/"}, {"source": "cret@cert.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/40"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/1"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190823-0002/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K02591030"}, {"source": "cret@cert.org", "url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4099-1/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4505"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4511"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4669"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "cret@cert.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2946", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.29-41.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2946", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:2946", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.29-41.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2946", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el7", "package": "kiali-0:v1.0.6.redhat1-1.el7", "product_name": "Openshift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-0:1.0.1-8.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-cni-0:1.0.1-8.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-grafana-0:6.2.2-21.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-operator-0:1.0.1-8.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-prometheus-0:2.7.2-22.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3041", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "package": "servicemesh-proxy-0:1.0.1-7.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2020:0922", "cpe": "cpe:/a:redhat:amq_broker:7", "impact": "moderate", "package": "jetty", "product_name": "Red Hat AMQ", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:1445", "cpe": "cpe:/a:redhat:amq_broker:7", "impact": "moderate", "package": "jetty", "product_name": "Red Hat AMQ 7.4.3", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2019:2799", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nginx:1.14-8000020190830002848.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-19T00:00:00Z"}, {"advisory": "RHSA-2019:2925", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:10-8000020190911085529.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-30T00:00:00Z"}, {"advisory": "RHSA-2019:2692", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "nghttp2-0:1.33.0-1.el8_0.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-09T00:00:00Z"}, {"advisory": "RHSA-2020:3192", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "undertow", "product_name": "Red Hat Fuse 7.7.0", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2019:3935", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "nghttp2", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:4021", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package": "undertow", "product_name": "Red Hat JBoss EAP 7.2", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5856", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4018", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-yasson-0:1.0.5-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-yasson-0:1.0.5-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2019:4020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-yasson-0:1.0.5-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-11-26T00:00:00Z"}, {"advisory": "RHSA-2020:2565", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:18", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "release_date": "2020-06-15T00:00:00Z"}, {"advisory": "RHSA-2019:2966", "cpe": "cpe:/a:redhat:quay:3::el7", "package": "quay3/clair-jwt:v2.0.9-7", "product_name": "Red Hat Quay 3", "release_date": "2019-10-03T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-nginx110-nginx-1:1.10.2-9.el6.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-httpd-0:2.4.34-8.el6.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "httpd24-nghttp2-0:1.7.1-7.el6.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx110-nginx-1:1.10.2-9.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2746", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx112-nginx-1:1.12.1-3.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2775", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx114-nginx-1:1.14.1-1.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-0:3.2-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-nodejs-0:10.16.3-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-8.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-0:3.0-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.16.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx110-nginx-1:1.10.2-9.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2746", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx112-nginx-1:1.12.1-3.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2775", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx114-nginx-1:1.14.1-1.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx110-nginx-1:1.10.2-9.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2746", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx112-nginx-1:1.12.1-3.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2775", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx114-nginx-1:1.14.1-1.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-0:3.2-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-nodejs-0:10.16.3-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-8.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-0:3.0-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.16.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx110-nginx-1:1.10.2-9.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2746", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx112-nginx-1:1.12.1-3.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2775", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx114-nginx-1:1.14.1-1.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-0:3.2-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-nodejs-0:10.16.3-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-8.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-0:3.0-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.16.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2745", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx110-nginx-1:1.10.2-9.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2746", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx112-nginx-1:1.12.1-3.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-09-13T00:00:00Z"}, {"advisory": "RHSA-2019:2775", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nginx114-nginx-1:1.14.1-1.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-0:3.2-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2939", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs10-nodejs-0:10.16.3-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-8.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2949", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-nghttp2-0:1.7.1-7.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-0:3.0-5.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2019:2955", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs8-nodejs-0:8.16.1-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-10-02T00:00:00Z"}, {"advisory": "RHSA-2020:2067", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "product_name": "Text-Only RHOAR", "release_date": "2020-05-18T00:00:00Z"}], "bugzilla": {"description": "HTTP/2: large amount of data requests leads to denial of service", "id": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i 's/http2 //g' /mnt/quay/nginx/nginx.conf\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3"}, "name": "CVE-2019-9511", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "nginx", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "impact": "moderate", "package_name": "nginx", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Not affected", "package_name": "nginx", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "httpd:2.4/mod_http2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nginx:1.16/nginx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "nghttp2", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Out of support scope", "package_name": "rhoar-nodejs", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "undertow", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "undertow", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nginx116-nginx", "product_name": "Red Hat Software Collections"}], "public_date": "2019-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9511\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9511\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\nhttps://kb.cert.org/vuls/id/605641/\nhttps://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/\nhttps://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"], "statement": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "threat_severity": "Important", "upstream_fix": "nginx 1.16.1, nginx 1.17.3, Nodejs 8.16.1, Nodejs 10.16.3, Nodejs 12.8.1"}