CVE-2019-9515
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 13, 2019
Updated: Jan 14, 2025
CWE ID 400
CWE ID 770
Summary
CVE-2019-9515 is a denial-of-service vulnerability affecting certain HTTP/2 implementations. malicious actors can exploit this weakness by flooding the targeted system with a high volume of SETTINGS frames. Since the recipient is required by the RFC to respond with an acknowledgement for each frame, an empty SETTINGS frame behaves similarly to a ping. This excessive data processing can lead to significant CPU and memory consumption, potentially causing a denial-of-service condition.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- F5 LTM
- Nodejs Node.js
- McAfee Web Gateway
- Apache Traffic Server
- Debian
Affected Vendors
- Debian
- Red Hat
- Fedora Project
- F5
- Apache Software Foundation