CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://kb.cert.org/vuls/id/605641/	Third Party Advisory US Government Resource
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/24	Mailing List Third Party Advisory
https://usn.ubuntu.com/4099-1/	Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/16	Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33	Third Party Advisory
https://support.f5.com/csp/article/K02591030	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/	Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/40	Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4505	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0002/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10296	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2746	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2745	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2775	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2799	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2946	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2950	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2966	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html	Mailing List Third Party Advisory
https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3935	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3932	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:apache:traffic_server::::::::
	cpe:2.3:a:apache:traffic_server::::::::
	cpe:2.3:a:apache:traffic_server::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:synology:skynas:-:::::::*
	cpe:2.3:a:synology:diskstation_manager:6.2:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 8 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 9 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 10 (hide)

OR	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:::::::*
	cpe:2.3:a:redhat:quay:3.0.0:::::::*
	cpe:2.3:a:redhat:openshift_service_mesh:1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:::::::*

Configuration 11 (hide)

cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*

Configuration 12 (hide)

OR	cpe:2.3:a:mcafee:web_gateway::::::::
	cpe:2.3:a:mcafee:web_gateway::::::::
	cpe:2.3:a:mcafee:web_gateway::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:f5:nginx::::::::
	cpe:2.3:a:f5:nginx::::::::

Configuration 14 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*

Information

Published : 2019-08-13 14:15

Updated : 2022-08-05 07:52

NVD link : CVE-2019-9516

Mitre link : CVE-2019-9516

JSON object : View

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

Products Affected

oracle

graalvm

nginx

redhat

jboss_enterprise_application_platform
quay
enterprise_linux
jboss_core_services
openshift_service_mesh
software_collections

canonical

ubuntu_linux

mcafee

web_gateway

synology

vs960hd
vs960hd_firmware
skynas
diskstation_manager

fedoraproject

fedora

apple

swiftnio
mac_os_x

debian

debian_linux

nodejs

node.js

apache

traffic_server

opensuse

leap

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://kb.cert.org/vuls/id/605641/", "name": "VU#605641", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://seclists.org/bugtraq/2019/Aug/24", "name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://usn.ubuntu.com/4099-1/", "name": "USN-4099-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/16", "name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "name": "https://www.synology.com/security/advisory/Synology_SA_19_33", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://support.f5.com/csp/article/K02591030", "name": "https://support.f5.com/csp/article/K02591030", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", "name": "FEDORA-2019-befd924cfe", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://seclists.org/bugtraq/2019/Aug/40", "name": "20190822 [SECURITY] [DSA 4505-1] nginx security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://www.debian.org/security/2019/dsa-4505", "name": "DSA-4505", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://security.netapp.com/advisory/ntap-20190823-0005/", "name": "https://security.netapp.com/advisory/ntap-20190823-0005/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.netapp.com/advisory/ntap-20190823-0002/", "name": "https://security.netapp.com/advisory/ntap-20190823-0002/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", "name": "FEDORA-2019-5a6a7bc12c", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", "name": "FEDORA-2019-6a2980de56", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", "name": "FEDORA-2019-4427fd65be", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", "name": "FEDORA-2019-63ba15cc83", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/", "name": "FEDORA-2019-7a0b45fdc4", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html", "name": "openSUSE-SU-2019:2120", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "name": "openSUSE-SU-2019:2114", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "name": "openSUSE-SU-2019:2115", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2746", "name": "RHSA-2019:2746", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2745", "name": "RHSA-2019:2745", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2775", "name": "RHSA-2019:2775", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2799", "name": "RHSA-2019:2799", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2925", "name": "RHSA-2019:2925", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2939", "name": "RHSA-2019:2939", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2946", "name": "RHSA-2019:2946", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2950", "name": "RHSA-2019:2950", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2955", "name": "RHSA-2019:2955", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2966", "name": "RHSA-2019:2966", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html", "name": "openSUSE-SU-2019:2264", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS", "name": "https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3935", "name": "RHSA-2019:3935", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3933", "name": "RHSA-2019:3933", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3932", "name": "RHSA-2019:3932", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/", "name": "FEDORA-2021-d5b2c18fe6", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-770"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-9516", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2019-08-13T21:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false, "versionStartIncluding": "14.04"}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false, "versionStartIncluding": "10.12"}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0"}, {"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0"}, {"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0"}, {"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.16.1", "versionStartIncluding": "1.9.5"}, {"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0"}, {"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.0.0"}, {"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-05T14:52Z"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-9516

6.5^/10

6.8^/10

Attach tags to `CVE-2019-9516`