Alert GCSA-19084 - Vulnerabilita' multiple in alcune implementazioni di HTTP/2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-19084
Data : 16 Agosto 2019
Titolo : Vulnerabilita' multiple in alcune implementazioni di HTTP/2
******************************************************************
:: Descrizione del problema
Sono state riscontrate vulnerabilita' multiple in alcune implementazioni del protocollo HTTP/2
che potrebbero essere sfruttate da un attaccante per causare condizioni di Denial of Service.
:: Software interessato
I software dei web server piu' popolari (inclusi Apache, Microsoft IIS e NGINX) risultano affetti da queste vulnerabilita'.
:: Impatto
Denial of service
:: Soluzioni
Installare gli ultimi aggiornamenti delle implementazioni di HTTP/2.
:: Riferimenti
VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion.
https://www.kb.cert.org/vuls/id/605641/
Threatpost: HTTP Bugs Open Websites to DoS Attacks
https://threatpost.com/http-bugs/147405/
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFdVpO2wZxMk2USYEIRAuVOAJ44FTmZcSOTFeWNcYlutbprXMvU8ACgs8S7
IBHqicoVfMENcgfOnY3fG18=
=ydXC
-----END PGP SIGNATURE-----