HTTP/2 Multiple DoS Attacks (VU#605641)
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-225
Final
1
1
2019-09-03T00:00:00
Current version
2019-09-03T00:00:00
2019-09-03T00:00:00
Improper implementations of the HTTP/2 protocol can lead to a variety of denial-of-service (DoS) attacks.
The related CVEs are:
CVE-2019-9511, also known as Data Dribble
CVE-2019-9512, also known as Ping Flood
CVE-2019-9513, also known as Resource Loop
CVE-2019-9514, also known as Reset Flood
CVE-2019-9515, also known as Settings Flood
CVE-2019-9516, also known as 0-Length Headers Leak
CVE-2019-9517, also known as Internal Data Buffering
CVE-2019-9518, also known as Empty Frame Flooding
Denial of Service (DoS)
The following products have been confirmed to NOT be vulnerable to any of the above:
FortiOS
FortiAP
FortiSwitch
FortiAnalyzer
FortiWeb
FortiManager
FortiMail
https://fortiguard.fortinet.com/psirt/FG-IR-19-225
https://kb.cert.org/vuls/id/605641/
CVE-2019-9511
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9515
CVE-2019-9516
CVE-2019-9517
CVE-2019-9518
0