Vulnerability-Lookup

CVE-2019-10079 (GCVE-0-2019-10079)

Vulnerability from cvelistv5 – Published: 2019-10-22 15:42 – Updated: 2024-08-04 22:10

Summary

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

DOS Attack

Assigner

apache

References

3 references

URL	Tags
https://lists.apache.org/thread.html/bde52309316a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/392108390cef…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ad3d01e76719…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	Apache Traffic Server	Affected: Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
          },
          {
            "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
          },
          {
            "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Traffic Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DOS Attack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-28T14:21:24.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
        },
        {
          "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
        },
        {
          "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-10079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Traffic Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DOS Attack"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
            },
            {
              "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
            },
            {
              "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-10079",
    "datePublished": "2019-10-22T15:42:35.000Z",
    "dateReserved": "2019-03-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:10:09.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-10079",
      "date": "2026-06-23",
      "epss": "0.04561",
      "percentile": "0.90372"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10079\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-10-22T16:15:10.610\",\"lastModified\":\"2024-11-21T04:18:21.293\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.\"},{\"lang\":\"es\",\"value\":\"Apache Traffic Server es vulnerable a los ataques de inundaci\u00f3n de la configuraci\u00f3n HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el n\u00famero de tramas de configuraci\u00f3n enviadas desde el cliente utilizando el protocolo HTTP/2. Los usuarios deben actualizar a Apache Traffic Server versi\u00f3n 7.1.7, 8.0.4 o versiones posteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1.7\",\"matchCriteriaId\":\"ABD66321-C0B1-45E6-A5C0-3A9F866386BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.4\",\"matchCriteriaId\":\"A87A8D4E-7567-4698-8414-D171B7CE05DC\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

BDU:2020-01370

Vulnerability from fstec - Published: 22.10.2019

Title

Уязвимость модуля HTTP/2 веб-сервера Apache Traffic Server, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных

Description

Уязвимость модуля HTTP/2 веб-сервера Apache Traffic Server существует из-за некорректной обработки запросов HTTP/2. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность данных

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Apache Software Foundation

Software Name

Traffic Server

Software Version

до 7.1.7 (Traffic Server), до 8.0.0 включительно (Traffic Server)

Possible Mitigations

Использование рекомендаций: https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E

Reference

https://www.us-cert.gov/ncas/bulletins/SB19301 https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7.1.7 (Traffic Server), \u0434\u043e 8.0.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Traffic Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01370",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10079",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Traffic Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Apache Software Foundation Traffic Server \u0434\u043e 7.1.7 , Apache Software Foundation Traffic Server \u0434\u043e 8.0.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f HTTP/2 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache Traffic Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f HTTP/2 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache Traffic Server \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 HTTP/2. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.us-cert.gov/ncas/bulletins/SB19301\nhttps://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E\nhttps://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E\nhttps://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2019-41286

Vulnerability from cnvd - Published: 2019-11-19

Title

Apache Traffic Server HTTP/2输入验证错误漏洞

Description

Apache Traffic Server（ATS）是美国阿帕奇（Apache）软件基金会的一套可扩展的HTTP代理和缓存服务器。 Apache Traffic Server 7.1.7和8.0.4之前版本存在安全漏洞。该漏洞源于Apache Traffic Server不限制使用HTTP/2协议从客户端发送的设置帧的数量。攻击者可利用该漏洞导致拒绝服务。

Severity

中

Patch Name

Apache Traffic Server HTTP/2输入验证错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://trafficserver.apache.org/downloads

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10079

Impacted products

Name
['Apache Traffic Server <7.1.7', 'Apache Traffic Server <8.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10079",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-10079"
    }
  },
  "description": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\n\nApache Traffic Server 7.1.7\u548c8.0.4\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache Traffic Server\u4e0d\u9650\u5236\u4f7f\u7528HTTP/2\u534f\u8bae\u4ece\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bbe\u7f6e\u5e27\u7684\u6570\u91cf\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://trafficserver.apache.org/downloads",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41286",
  "openTime": "2019-11-19",
  "patchDescription": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\r\n\r\nApache Traffic Server 7.1.7\u548c8.0.4\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache Traffic Server\u4e0d\u9650\u5236\u4f7f\u7528HTTP/2\u534f\u8bae\u4ece\u5ba2\u6237\u7aef\u53d1\u9001\u7684\u8bbe\u7f6e\u5e27\u7684\u6570\u91cf\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Traffic Server HTTP/2\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Traffic Server \u003c7.1.7",
      "Apache Traffic Server \u003c8.0.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-10079",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-23",
  "title": "Apache Traffic Server HTTP/2\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2019-10079

Vulnerability from fkie_nvd - Published: 2019-10-22 16:15 - Updated: 2026-06-17 02:10

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E

Impacted products

	Vendor	Product	Version
	apache	traffic_server	*
	apache	traffic_server	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Apache Traffic Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3"
            }
          ]
        }
      ],
      "source": "security@apache.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD66321-C0B1-45E6-A5C0-3A9F866386BC",
              "versionEndExcluding": "7.1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87A8D4E-7567-4698-8414-D171B7CE05DC",
              "versionEndExcluding": "8.0.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions."
    },
    {
      "lang": "es",
      "value": "Apache Traffic Server es vulnerable a los ataques de inundaci\u00f3n de la configuraci\u00f3n HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el n\u00famero de tramas de configuraci\u00f3n enviadas desde el cliente utilizando el protocolo HTTP/2. Los usuarios deben actualizar a Apache Traffic Server versi\u00f3n 7.1.7, 8.0.4 o versiones posteriores."
    }
  ],
  "id": "CVE-2019-10079",
  "lastModified": "2026-06-17T02:10:10.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-22T16:15:10.610",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GF9C-JVMP-J8CG

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:32

Details

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-22T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.",
  "id": "GHSA-gf9c-jvmp-j8cg",
  "modified": "2024-04-04T02:32:24Z",
  "published": "2022-05-24T16:59:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10079"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-10079

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10079

Aliases

CVE-2019-10079

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10079",
    "description": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.",
    "id": "GSD-2019-10079"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10079"
      ],
      "details": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.",
      "id": "GSD-2019-10079",
      "modified": "2023-12-13T01:23:59.141367Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2019-10079",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Traffic Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.6, and 8.0.0 to 8.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "DOS Attack"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
          },
          {
            "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
          },
          {
            "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.4",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-10079"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn\u0027t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
            },
            {
              "name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
            },
            {
              "name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-01-01T20:11Z",
      "publishedDate": "2019-10-22T16:15Z"
    }
  }
}

WID-SEC-W-2026-0426

Vulnerability from csaf_certbund - Published: 2019-08-14 22:00 - Updated: 2026-02-16 23:00

Summary

Apache Traffic Server: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Traffic Server ist ein skalier- und erweiterbarer, mit HTTP/1.1 kompatibler "caching proxy server".

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Traffic Server ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - UNIX

CVE-2019-10079

Affected products

Known affected 11 products

Product	Identifier	Version
Apache Traffic Server <8.0.4 Apache / Traffic Server		<8.0.4
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—
Apache Traffic Server <7.1.7 Apache / Traffic Server		<7.1.7
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Arista EOS Arista	`cpe:/o:arista:arista_eos:-`	—
A10 Networks ACOS <4.1.4-GR1-P3 A10 Networks / ACOS		<4.1.4-GR1-P3
A10 Networks ACOS <5.0.0-P1 A10 Networks / ACOS		<5.0.0-P1

CVE-2019-9512

Affected products

Known affected 11 products

Product	Identifier	Version
Apache Traffic Server <8.0.4 Apache / Traffic Server		<8.0.4
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—
Apache Traffic Server <7.1.7 Apache / Traffic Server		<7.1.7
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Arista EOS Arista	`cpe:/o:arista:arista_eos:-`	—
A10 Networks ACOS <4.1.4-GR1-P3 A10 Networks / ACOS		<4.1.4-GR1-P3
A10 Networks ACOS <5.0.0-P1 A10 Networks / ACOS		<5.0.0-P1

CVE-2019-9514

Affected products

Known affected 11 products

Product	Identifier	Version
Apache Traffic Server <8.0.4 Apache / Traffic Server		<8.0.4
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—
Apache Traffic Server <7.1.7 Apache / Traffic Server		<7.1.7
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Arista EOS Arista	`cpe:/o:arista:arista_eos:-`	—
A10 Networks ACOS <4.1.4-GR1-P3 A10 Networks / ACOS		<4.1.4-GR1-P3
A10 Networks ACOS <5.0.0-P1 A10 Networks / ACOS		<5.0.0-P1

CVE-2019-9515

Affected products

Known affected 11 products

Product	Identifier	Version
Apache Traffic Server <8.0.4 Apache / Traffic Server		<8.0.4
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—
Apache Traffic Server <7.1.7 Apache / Traffic Server		<7.1.7
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Arista EOS Arista	`cpe:/o:arista:arista_eos:-`	—
A10 Networks ACOS <4.1.4-GR1-P3 A10 Networks / ACOS		<4.1.4-GR1-P3
A10 Networks ACOS <5.0.0-P1 A10 Networks / ACOS		<5.0.0-P1

References

50 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.apache.org/thread.html/ad3d01e76719…	external
https://security.archlinux.org/ASA-201908-16	external
https://security.archlinux.org/ASA-201908-15	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://access.redhat.com/errata/RHSA-2019:2682	external
http://www.auscert.org.au/bulletins/ESB-2019.3412/	external
https://access.redhat.com/errata/RHSA-2019:2594	external
https://access.redhat.com/errata/RHSA-2019:2661	external
https://access.redhat.com/errata/RHSA-2019:2726	external
https://access.redhat.com/errata/RHSA-2019:2690	external
https://access.redhat.com/errata/RHSA-2019:2766	external
https://access.redhat.com/errata/RHSA-2019:2796	external
https://support.f5.com/csp/article/K01988340	external
https://support.f5.com/csp/article/K50233772	external
https://support.f5.com/csp/article/K98053339	external
https://access.redhat.com/errata/RHSA-2019:2861	external
https://access.redhat.com/errata/RHSA-2019:2925	external
https://access.redhat.com/errata/RHSA-2019:2939	external
https://access.redhat.com/errata/RHSA-2019:2966	external
https://access.redhat.com/errata/RHSA-2019:2955	external
https://support.a10networks.com/support/security-…	external
https://www.arista.com/en/support/advisories-noti…	external
https://access.redhat.com/errata/RHSA-2019:3892	external
https://access.redhat.com/errata/RHSA-2019:4019	external
https://access.redhat.com/errata/RHSA-2019:4021	external
https://access.redhat.com/errata/RHSA-2019:4018	external
https://access.redhat.com/errata/RHSA-2019:4020	external
https://access.redhat.com/errata/RHSA-2019:4041	external
https://access.redhat.com/errata/RHSA-2019:4040	external
https://access.redhat.com/errata/RHSA-2019:4042	external
https://access.redhat.com/errata/RHSA-2019:4045	external
https://access.redhat.com/errata/RHSA-2019:4273	external
https://access.redhat.com/errata/RHSA-2019:4269	external
https://access.redhat.com/errata/RHSA-2019:4352	external
https://access.redhat.com/errata/RHSA-2020:0727	external
https://access.redhat.com/errata/RHSA-2020:0922	external
https://access.redhat.com/errata/RHSA-2020:0983	external
https://access.redhat.com/errata/RHSA-2020:1445	external
https://oss.oracle.com/pipermail/el-errata/2020-M…	external
https://access.redhat.com/errata/RHSA-2020:2067	external
https://access.redhat.com/errata/RHSA-2020:2565	external
https://access.redhat.com/errata/RHSA-2020:3196	external
https://access.redhat.com/errata/RHSA-2020:3197	external
https://lists.debian.org/debian-lts-announce/2020…	external
https://linux.oracle.com/errata/ELSA-2021-0705.html	external
https://kb.juniper.net/InfoCenter/index?page=cont…	external
https://linux.oracle.com/errata/ELSA-2019-2726.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Traffic Server ist ein skalier- und erweiterbarer, mit HTTP/1.1 kompatibler \"caching proxy server\".",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Traffic Server ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0426 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2026-0426.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0426 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0426"
      },
      {
        "category": "external",
        "summary": "Meldung auf der Apache Mailing Liste vom 2019-08-14",
        "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-201908-16 vom 2019-08-25",
        "url": "https://security.archlinux.org/ASA-201908-16"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-201908-15 vom 2019-08-25",
        "url": "https://security.archlinux.org/ASA-201908-15"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2214-1 vom 2019-08-24",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192214-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2213-1 vom 2019-08-24",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192213-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2682 vom 2019-09-10",
        "url": "https://access.redhat.com/errata/RHSA-2019:2682"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4520 vom 2019-09-10",
        "url": "http://www.auscert.org.au/bulletins/ESB-2019.3412/"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2019:2594"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2019:2661"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2019:2726"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2690 vom 2019-09-11",
        "url": "https://access.redhat.com/errata/RHSA-2019:2690"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2766 vom 2019-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2019:2766"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2796 vom 2019-09-19",
        "url": "https://access.redhat.com/errata/RHSA-2019:2796"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory",
        "url": "https://support.f5.com/csp/article/K01988340"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory",
        "url": "https://support.f5.com/csp/article/K50233772"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory",
        "url": "https://support.f5.com/csp/article/K98053339"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2861 vom 2019-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2019:2861"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2925 vom 2019-09-30",
        "url": "https://access.redhat.com/errata/RHSA-2019:2925"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2939 vom 2019-10-01",
        "url": "https://access.redhat.com/errata/RHSA-2019:2939"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2966 vom 2019-10-03",
        "url": "https://access.redhat.com/errata/RHSA-2019:2966"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2955 vom 2019-10-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:2955"
      },
      {
        "category": "external",
        "summary": "A10 Security Advisory",
        "url": "https://support.a10networks.com/support/security-advisories/http2-multiple-dos-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Arista Security Advisory 0043 vom 2019-11-06",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/8762-security-advisory-43"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3892 vom 2019-11-14",
        "url": "https://access.redhat.com/errata/RHSA-2019:3892"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4019 vom 2019-11-26",
        "url": "https://access.redhat.com/errata/RHSA-2019:4019"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4021 vom 2019-11-26",
        "url": "https://access.redhat.com/errata/RHSA-2019:4021"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4018 vom 2019-11-26",
        "url": "https://access.redhat.com/errata/RHSA-2019:4018"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4020 vom 2019-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2019:4020"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4041 vom 2019-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:4041"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4040 vom 2019-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:4040"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4042 vom 2019-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:4042"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4045 vom 2019-12-02",
        "url": "https://access.redhat.com/errata/RHSA-2019:4045"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4273 vom 2019-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2019:4273"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4269 vom 2019-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2019:4269"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:4352 vom 2019-12-19",
        "url": "https://access.redhat.com/errata/RHSA-2019:4352"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0727 vom 2020-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2020:0727"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0922 vom 2020-03-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:0922"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0983 vom 2020-03-26",
        "url": "https://access.redhat.com/errata/RHSA-2020:0983"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1445 vom 2020-04-14",
        "url": "https://access.redhat.com/errata/RHSA-2020:1445"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-1926 vom 2020-05-14",
        "url": "https://oss.oracle.com/pipermail/el-errata/2020-May/009920.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2067 vom 2020-05-18",
        "url": "https://access.redhat.com/errata/RHSA-2020:2067"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2565 vom 2020-06-15",
        "url": "https://access.redhat.com/errata/RHSA-2020:2565"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3196 vom 2020-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2020:3196"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3197 vom 2020-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2020:3197"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2485 vom 2020-12-08",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-0705 vom 2021-03-05",
        "url": "https://linux.oracle.com/errata/ELSA-2021-0705.html"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA11167 vom 2021-04-16",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11167"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2726 vom 2026-02-16",
        "url": "https://linux.oracle.com/errata/ELSA-2019-2726.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Traffic Server: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2026-02-16T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-17T09:25:26.012+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0426",
      "initial_release_date": "2019-08-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-08-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-08-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-5A6A7BC12C, FEDORA-2019-6A2980DE56"
        },
        {
          "date": "2019-08-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Arch Linux und SUSE aufgenommen"
        },
        {
          "date": "2019-08-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-65DB7AD6C7, FEDORA-2019-55D101A740"
        },
        {
          "date": "2019-09-09T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und Debian aufgenommen"
        },
        {
          "date": "2019-09-10T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-11T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-12T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-18T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-24T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2019-09-26T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-29T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-09-30T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-10-03T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-10-21T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2019-11-06T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Arista"
        },
        {
          "date": "2019-11-14T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-11-26T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-11-27T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-12-02T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-12-16T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-12-19T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-05T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-22T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-26T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-04-14T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-05-14T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-05-17T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-06-15T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-07-28T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-12-08T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-03-07T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-04-15T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2026-02-16T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "34"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.0.0-P1",
                "product": {
                  "name": "A10 Networks ACOS \u003c5.0.0-P1",
                  "product_id": "T015231"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.0-P1",
                "product": {
                  "name": "A10 Networks ACOS 5.0.0-P1",
                  "product_id": "T015231-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:a10networks:advanced_core_operating_system:5.0.0-p1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.4-GR1-P3",
                "product": {
                  "name": "A10 Networks ACOS \u003c4.1.4-GR1-P3",
                  "product_id": "T015232"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.4-GR1-P3",
                "product": {
                  "name": "A10 Networks ACOS 4.1.4-GR1-P3",
                  "product_id": "T015232-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:a10networks:advanced_core_operating_system:4.1.4-gr1-p3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ACOS"
          }
        ],
        "category": "vendor",
        "name": "A10 Networks"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.4",
                "product": {
                  "name": "Apache Traffic Server \u003c8.0.4",
                  "product_id": "T014849"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.4",
                "product": {
                  "name": "Apache Traffic Server 8.0.4",
                  "product_id": "T014849-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:traffic_server:8.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.1.7",
                "product": {
                  "name": "Apache Traffic Server \u003c7.1.7",
                  "product_id": "T014850"
                }
              },
              {
                "category": "product_version",
                "name": "7.1.7",
                "product": {
                  "name": "Apache Traffic Server 7.1.7",
                  "product_id": "T014850-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:traffic_server:7.1.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Traffic Server"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Arista EOS",
            "product": {
              "name": "Arista EOS",
              "product_id": "T007065",
              "product_identification_helper": {
                "cpe": "cpe:/o:arista:arista_eos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Arista"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10079",
      "product_status": {
        "known_affected": [
          "T014849",
          "2951",
          "T002207",
          "67646",
          "T013312",
          "5930",
          "T014850",
          "T004914",
          "T007065",
          "T015232",
          "T015231"
        ]
      },
      "release_date": "2019-08-14T22:00:00.000+00:00",
      "title": "CVE-2019-10079"
    },
    {
      "cve": "CVE-2019-9512",
      "product_status": {
        "known_affected": [
          "T014849",
          "2951",
          "T002207",
          "67646",
          "T013312",
          "5930",
          "T014850",
          "T004914",
          "T007065",
          "T015232",
          "T015231"
        ]
      },
      "release_date": "2019-08-14T22:00:00.000+00:00",
      "title": "CVE-2019-9512"
    },
    {
      "cve": "CVE-2019-9514",
      "product_status": {
        "known_affected": [
          "T014849",
          "2951",
          "T002207",
          "67646",
          "T013312",
          "5930",
          "T014850",
          "T004914",
          "T007065",
          "T015232",
          "T015231"
        ]
      },
      "release_date": "2019-08-14T22:00:00.000+00:00",
      "title": "CVE-2019-9514"
    },
    {
      "cve": "CVE-2019-9515",
      "product_status": {
        "known_affected": [
          "T014849",
          "2951",
          "T002207",
          "67646",
          "T013312",
          "5930",
          "T014850",
          "T004914",
          "T007065",
          "T015232",
          "T015231"
        ]
      },
      "release_date": "2019-08-14T22:00:00.000+00:00",
      "title": "CVE-2019-9515"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10079 (GCVE-0-2019-10079)

BDU:2020-01370

CNVD-2019-41286

FKIE_CVE-2019-10079

GHSA-GF9C-JVMP-J8CG

GSD-2019-10079

WID-SEC-W-2026-0426

Tags

Sightings

Nomenclature