CVE-2019-9515

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 13, 2019

Updated: Jan 14, 2025

CWE ID 400

CWE ID 770

Summary

CVE-2019-9515 is a denial-of-service vulnerability affecting certain HTTP/2 implementations. malicious actors can exploit this weakness by flooding the targeted system with a high volume of SETTINGS frames. Since the recipient is required by the RFC to respond with an acknowledgement for each frame, an empty SETTINGS frame behaves similarly to a ping. This excessive data processing can lead to significant CPU and memory consumption, potentially causing a denial-of-service condition.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

F5 LTM
Nodejs Node.js
McAfee Web Gateway
Apache Traffic Server
Debian

Affected Vendors

Debian
Red Hat
Fedora Project
F5
Apache Software Foundation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners