Vulnerabilities > CVE-2019-9515 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Vulnerable Configurations

Part Description Count
Application
Apple
11
Application
Apache
49
Application
Synology
2
Application
Redhat
9
Application
Oracle
1
Application
Mcafee
43
Application
F5
82
Application
Nodejs
68
OS
Apple
1
OS
Canonical
4
OS
Debian
2
OS
Synology
1
OS
Fedoraproject
2
OS
Opensuse
2
OS
Redhat
1
Hardware
Synology
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Locate and Exploit Test APIs
    An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
  • Flooding
    An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquired additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
  • Excessive Allocation
    An attacker causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4041.NASL
    descriptionNew Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: Service accounts reset password flow not using placeholder.org domain anymore (CVE-2019-14837) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131528
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131528
    titleRHEL 7 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4041) (Ping Flood) (Reset Flood) (Settings Flood)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:4041. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131528);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id("CVE-2019-14837", "CVE-2019-14838", "CVE-2019-14843", "CVE-2019-9512", "CVE-2019-9514", "CVE-2019-9515");
      script_xref(name:"RHSA", value:"2019:4041");
    
      script_name(english:"RHEL 7 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4041) (Ping Flood) (Reset Flood) (Settings Flood)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Red Hat Single Sign-On 7.3.5 packages are now available for Red
    Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat Single Sign-On 7.3 is a standalone server, based on the
    Keycloak project, that provides authentication and standards-based
    single sign-on capabilities for web and mobile applications.
    
    This release of Red Hat Single Sign-On 7.3.5 on RHEL 7 serves as a
    replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes
    and enhancements, which are documented in the Release Notes document
    linked to in the References.
    
    Security Fix(es) :
    
    * keycloak: Service accounts reset password flow not using
    placeholder.org domain anymore (CVE-2019-14837)
    
    * undertow: HTTP/2: flood using PING frames results in unbounded
    memory growth (CVE-2019-9512)
    
    * undertow: HTTP/2: flood using HEADERS frames results in unbounded
    memory growth (CVE-2019-9514)
    
    * undertow: HTTP/2: flood using SETTINGS frames results in unbounded
    memory growth (CVE-2019-9515)
    
    * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and
    'Deployer' user by default (CVE-2019-14838)
    
    * wildfly: wildfly-security-manager: security manager authorization
    bypass (CVE-2019-14843)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?93d4a9a3"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:4041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14843"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14843");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:4041";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"rh-sso7-keycloak-4.8.15-1.Final_redhat_00001.1.el7sso")) flag++;
      if (rpm_check(release:"RHEL7", reference:"rh-sso7-keycloak-server-4.8.15-1.Final_redhat_00001.1.el7sso")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rh-sso7-keycloak / rh-sso7-keycloak-server");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0059-1.NASL
    descriptionThis update for nodejs12 fixes the following issues : Update to LTS release 12.13.0 (jsc#SLE-8947). Security issues fixed : CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091). CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099). CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094). CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100). CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132767
    published2020-01-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132767
    titleSUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0059-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132767);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-13173", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518");
    
      script_name(english:"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for nodejs12 fixes the following issues :
    
    Update to LTS release 12.13.0 (jsc#SLE-8947).
    
    Security issues fixed :
    
    CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to
    window size manipulations (bsc#1146091).
    
    CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to
    floods using PING frames (bsc#1146099).
    
    CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to
    resource loops, potentially leading to a denial of service
    (bsc#1146094).
    
    CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to
    a reset flood, potentially leading to a denial of service
    (bsc#1146095).
    
    CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to
    a SETTINGS frame flood (bsc#1146100).
    
    CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to
    a header leak, potentially leading to a denial of service
    (bsc#1146090).
    
    CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to
    unconstrained interal data buffering (bsc#1146097).
    
    CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to
    a flood of empty frames, potentially leading to a denial of service
    (bsc#1146093).
    
    CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter()
    function (bsc#1140290).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146099"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13173/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9511/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9512/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9513/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9514/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9515/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9516/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9517/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9518/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cadca2ae"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2020-59=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13173");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm12");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/10");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-12.13.0-1.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debuginfo-12.13.0-1.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debugsource-12.13.0-1.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-devel-12.13.0-1.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"npm12-12.13.0-1.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs12");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4520.NASL
    descriptionSeveral vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service. The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.
    last seen2020-06-01
    modified2020-06-02
    plugin id128621
    published2019-09-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128621
    titleDebian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_73B1E734C74E11E980520028F8D09152.NASL
    descriptionJonathon Loomey of Netflix reports : HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following : - CVE-2019-9512
    last seen2020-06-01
    modified2020-06-02
    plugin id128136
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128136
    titleFreeBSD : h2o -- multiple HTTP/2 vulnerabilities (73b1e734-c74e-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4019.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131523
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131523
    titleRHEL 7 : JBoss EAP (RHSA-2019:4019) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2114.NASL
    descriptionThis update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128668
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128668
    titleopenSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4042.NASL
    descriptionNew Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: Service accounts reset password flow not using placeholder.org domain anymore (CVE-2019-14837) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131529
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131529
    titleRHEL 8 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4042) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2259-1.NASL
    descriptionThis update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128467
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128467
    titleSUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6A2980DE56.NASL
    descriptionUpdate to Node.js 10.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128133
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128133
    titleFedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4020.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131524
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131524
    titleRHEL 8 : JBoss EAP (RHSA-2019:4020) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4508.NASL
    descriptionThree vulnerabilities were discovered in the HTTP/2 code of the H2O HTTP server, which could result in denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id128181
    published2019-08-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128181
    titleDebian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2115.NASL
    descriptionThis update for nodejs8 to version 8.16.1 fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes : - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128669
    published2019-09-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128669
    titleopenSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4308-1.NASL
    descriptionit was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387) It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. (CVE-2019-12855) It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515) Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134758
    published2020-03-20
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134758
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : twisted vulnerabilities (USN-4308-1) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2925.NASL
    descriptionAn update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es) : * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-23
    modified2019-10-01
    plugin id129480
    published2019-10-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129480
    titleRHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyMisc.
    NASL idARISTA_EOS_SA0043.NASL
    descriptionThe version of Arista Networks EOS running on the remote device is affected by the following vulnerabilities: - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service (DoS). An unauthenticated, remote attacker can exploit this, by sending continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9512) - HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a DoS. An unauthenticated, remote attacker can open a number of streams and send an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. (CVE-2019-9514) - HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a DoS. An unauthenticated, remote attacker can exploit this by sending a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9515) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-17
    modified2020-03-11
    plugin id134419
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134419
    titleArista Networks EOS Multiple Vulnerabilities (SA0043)
  • NASL familyCGI abuses
    NASL idJBOSS_EAP_RHSA-2019-4021.NASL
    descriptionThe version of Red Hat JBoss Enterprise Application Platform (EAP) installed on the remote host is 7.x prior to 7.2.5. It is therefore, affected my multiple vulnerabilities as referenced in the RHSA-2019:4021 advisory: - undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) - undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) - undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) - undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) - wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id132314
    published2019-12-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132314
    titleRed Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_72A5579EC76511E980520028F8D09152.NASL
    descriptionJonathon Loomey of Netflix reports : HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following : - CVE-2019-9512
    last seen2020-06-01
    modified2020-06-02
    plugin id128135
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128135
    titleFreeBSD : h2o -- multiple HTTP/2 vulnerabilities (72a5579e-c765-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2260-1.NASL
    descriptionThis update for nodejs8 to version 8.16.1 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes: Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128468
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128468
    titleSUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9FBAEFB3837E11EAB5B4641C67A117D8.NASL
    descriptionTwisted developers reports : All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses. This closes CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than
    last seen2020-04-30
    modified2020-04-22
    plugin id135883
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135883
    titleFreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2925.NASL
    descriptionFrom Red Hat Security Advisory 2019:2925 : An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.16.3). Security Fix(es) : * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id129514
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129514
    titleOracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL50233772.NASL
    descriptionSome HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9515) Impact The BIG-IP system may exhaust available resources and fail over to another system in the device group.
    last seen2020-03-17
    modified2019-09-25
    plugin id129315
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129315
    titleF5 Networks BIG-IP : HTTP/2 Settings Flood vulnerability (K50233772) (Settings Flood)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2254-1.NASL
    descriptionThis update for nodejs10 to version 10.16.3 fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128411
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128411
    titleSUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4018.NASL
    descriptionAn update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es) : * undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131522
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131522
    titleRHEL 6 : JBoss EAP (RHSA-2019:4018) (Data Dribble) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4040.NASL
    descriptionNew Red Hat Single Sign-On 7.3.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.5 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * keycloak: Service accounts reset password flow not using placeholder.org domain anymore (CVE-2019-14837) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * wildfly-core: Incorrect privileges for
    last seen2020-06-01
    modified2020-06-02
    plugin id131527
    published2019-12-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131527
    titleRHEL 6 : Red Hat Single Sign-On 7.3.5 (RHSA-2019:4040) (Ping Flood) (Reset Flood) (Settings Flood)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C97A940BC39211E9BB38000D3AB229D6.NASL
    descriptionNode.js reports : Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/t hird-party/2019-002.md for more information. Updates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x (which had been delayed). We recommend that all Node.js users upgrade to a version listed below as soon as possible. Vulnerabilities Fixed Impact: All versions of Node.js 8 (LTS
    last seen2020-06-01
    modified2020-06-02
    plugin id128043
    published2019-08-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128043
    titleFreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-5A6A7BC12C.NASL
    descriptionUpdate to Node.js 10.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128131
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128131
    titleFedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)

Redhat

advisories
  • rhsa
    idRHSA-2019:2766
  • rhsa
    idRHSA-2019:2796
  • rhsa
    idRHSA-2019:2861
  • rhsa
    idRHSA-2019:2925
  • rhsa
    idRHSA-2019:2939
  • rhsa
    idRHSA-2019:2955
  • rhsa
    idRHSA-2019:3892
  • rhsa
    idRHSA-2019:4018
  • rhsa
    idRHSA-2019:4019
  • rhsa
    idRHSA-2019:4020
  • rhsa
    idRHSA-2019:4021
  • rhsa
    idRHSA-2019:4040
  • rhsa
    idRHSA-2019:4041
  • rhsa
    idRHSA-2019:4042
  • rhsa
    idRHSA-2019:4045
  • rhsa
    idRHSA-2019:4352
  • rhsa
    idRHSA-2020:0727
rpms
  • skydive-0:0.20.5-2.el7ost
  • skydive-agent-0:0.20.5-2.el7ost
  • skydive-analyzer-0:0.20.5-2.el7ost
  • skydive-ansible-0:0.20.5-2.el7ost
  • skydive-debuginfo-0:0.20.5-2.el7ost
  • skydive-selinux-0:0.20.5-2.el7ost
  • nodejs-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-debuginfo-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-debugsource-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-devel-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-devel-debuginfo-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-docs-1:10.16.3-2.module+el8.0.0+4214+49953fda
  • nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
  • nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
  • npm-1:6.9.0-1.10.16.3.2.module+el8.0.0+4214+49953fda
  • rh-nodejs10-0:3.2-3.el7
  • rh-nodejs10-nodejs-0:10.16.3-3.el7
  • rh-nodejs10-nodejs-debuginfo-0:10.16.3-3.el7
  • rh-nodejs10-nodejs-devel-0:10.16.3-3.el7
  • rh-nodejs10-nodejs-docs-0:10.16.3-3.el7
  • rh-nodejs10-npm-0:6.9.0-10.16.3.3.el7
  • rh-nodejs10-runtime-0:3.2-3.el7
  • rh-nodejs10-scldevel-0:3.2-3.el7
  • rh-nodejs8-0:3.0-5.el7
  • rh-nodejs8-nodejs-0:8.16.1-2.el7
  • rh-nodejs8-nodejs-debuginfo-0:8.16.1-2.el7
  • rh-nodejs8-nodejs-devel-0:8.16.1-2.el7
  • rh-nodejs8-nodejs-docs-0:8.16.1-2.el7
  • rh-nodejs8-npm-0:6.4.1-8.16.1.2.el7
  • rh-nodejs8-runtime-0:3.0-5.el7
  • rh-nodejs8-scldevel-0:3.0-5.el7
  • eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-rt-0:3.2.10-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-services-0:3.2.10-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-tools-0:3.2.10-1.redhat_00001.1.el6eap
  • eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el6eap
  • eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el6eap
  • eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el6eap
  • eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-core-0:5.3.13-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-entitymanager-0:5.3.13-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-envers-0:5.3.13-1.Final_redhat_00001.1.el6eap
  • eap7-hibernate-java8-0:5.3.13-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-common-api-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-common-impl-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-common-spi-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-core-api-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-core-impl-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-deployers-common-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-jdbc-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-ironjacamar-validator-0:1.4.18-1.Final_redhat_00001.1.el6eap
  • eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el6eap
  • eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el6eap
  • eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el6eap
  • eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-cli-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-core-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el6eap
  • eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el6eap
  • eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el6eap
  • eap7-picketbox-infinispan-0:5.0.3-6.Final_redhat_00005.1.el6eap
  • eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00009.1.el6eap
  • eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-atom-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-cdi-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-client-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-client-microprofile-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-crypto-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jackson-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jackson2-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jaxb-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jaxrs-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jettison-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jose-jwt-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-jsapi-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-json-binding-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-json-p-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-multipart-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-rxjava2-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-spring-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-validator-provider-11-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-resteasy-yaml-provider-0:3.6.1-7.SP7_redhat_00001.1.el6eap
  • eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el6eap
  • eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el6eap
  • eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-client-common-0:1.0.17-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-ejb-client-0:1.0.17-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-naming-client-0:1.0.17-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-http-transaction-client-0:1.0.17-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-javadocs-0:7.2.5-4.GA_redhat_00002.1.el6eap
  • eap7-wildfly-modules-0:7.2.5-4.GA_redhat_00002.1.el6eap
  • eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-openssl-java-0:1.0.8-1.Final_redhat_00001.1.el6eap
  • eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el6eap
  • eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.8-5.Final_redhat_00001.1.el6eap
  • eap7-yasson-0:1.0.5-1.redhat_00001.1.el6eap
  • eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-rt-0:3.2.10-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-services-0:3.2.10-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-tools-0:3.2.10-1.redhat_00001.1.el7eap
  • eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el7eap
  • eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el7eap
  • eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el7eap
  • eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-core-0:5.3.13-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-entitymanager-0:5.3.13-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-envers-0:5.3.13-1.Final_redhat_00001.1.el7eap
  • eap7-hibernate-java8-0:5.3.13-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-common-api-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-common-impl-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-common-spi-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-core-api-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-core-impl-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-deployers-common-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-jdbc-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-ironjacamar-validator-0:1.4.18-1.Final_redhat_00001.1.el7eap
  • eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el7eap
  • eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el7eap
  • eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el7eap
  • eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-cli-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-core-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el7eap
  • eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el7eap
  • eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el7eap
  • eap7-picketbox-infinispan-0:5.0.3-6.Final_redhat_00005.1.el7eap
  • eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00009.1.el7eap
  • eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-atom-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-cdi-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-client-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-client-microprofile-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-crypto-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jackson-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jackson2-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jaxb-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jaxrs-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jettison-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jose-jwt-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-jsapi-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-json-binding-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-json-p-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-multipart-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-rxjava2-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-spring-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-validator-provider-11-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-resteasy-yaml-provider-0:3.6.1-7.SP7_redhat_00001.1.el7eap
  • eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el7eap
  • eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el7eap
  • eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-client-common-0:1.0.17-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-ejb-client-0:1.0.17-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-naming-client-0:1.0.17-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-http-transaction-client-0:1.0.17-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-java-jdk11-0:7.2.5-4.GA_redhat_00002.1.el7eap
  • eap7-wildfly-java-jdk8-0:7.2.5-4.GA_redhat_00002.1.el7eap
  • eap7-wildfly-javadocs-0:7.2.5-4.GA_redhat_00002.1.el7eap
  • eap7-wildfly-modules-0:7.2.5-4.GA_redhat_00002.1.el7eap
  • eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-openssl-java-0:1.0.8-1.Final_redhat_00001.1.el7eap
  • eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el7eap
  • eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.8-5.Final_redhat_00001.1.el7eap
  • eap7-yasson-0:1.0.5-1.redhat_00001.1.el7eap
  • eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-rt-0:3.2.10-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-services-0:3.2.10-1.redhat_00001.1.el8eap
  • eap7-apache-cxf-tools-0:3.2.10-1.redhat_00001.1.el8eap
  • eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el8eap
  • eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el8eap
  • eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el8eap
  • eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-core-0:5.3.13-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-entitymanager-0:5.3.13-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-envers-0:5.3.13-1.Final_redhat_00001.1.el8eap
  • eap7-hibernate-java8-0:5.3.13-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-common-api-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-common-impl-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-common-spi-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-core-api-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-core-impl-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-deployers-common-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-jdbc-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-ironjacamar-validator-0:1.4.18-1.Final_redhat_00001.1.el8eap
  • eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el8eap
  • eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el8eap
  • eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el8eap
  • eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-cli-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-core-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap6.4-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap7.0-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap7.1-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly10.0-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly10.1-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly11.0-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly12.0-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly8.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly9.0-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-6.Final_redhat_00006.1.el8eap
  • eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el8eap
  • eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el8eap
  • eap7-picketbox-infinispan-0:5.0.3-6.Final_redhat_00005.1.el8eap
  • eap7-picketlink-api-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-common-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-config-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-idm-api-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-idm-impl-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-idm-simple-schema-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-impl-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-picketlink-wildfly8-0:2.5.5-20.SP12_redhat_00009.1.el8eap
  • eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-atom-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-cdi-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-client-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-client-microprofile-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-crypto-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jackson-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jackson2-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jaxb-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jaxrs-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jettison-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jose-jwt-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-jsapi-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-json-binding-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-json-p-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-multipart-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-rxjava2-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-spring-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-validator-provider-11-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-resteasy-yaml-provider-0:3.6.1-7.SP7_redhat_00001.1.el8eap
  • eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el8eap
  • eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el8eap
  • eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-client-common-0:1.0.17-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-ejb-client-0:1.0.17-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-naming-client-0:1.0.17-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-http-transaction-client-0:1.0.17-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-javadocs-0:7.2.5-4.GA_redhat_00002.1.el8eap
  • eap7-wildfly-modules-0:7.2.5-4.GA_redhat_00002.1.el8eap
  • eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-openssl-java-0:1.0.8-1.Final_redhat_00001.1.el8eap
  • eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el8eap
  • eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.8-5.Final_redhat_00001.1.el8eap
  • eap7-yasson-0:1.0.5-1.redhat_00001.1.el8eap
  • rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el6sso
  • rh-sso7-keycloak-server-0:4.8.15-1.Final_redhat_00001.1.el6sso
  • rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el7sso
  • rh-sso7-keycloak-server-0:4.8.15-1.Final_redhat_00001.1.el7sso
  • rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el8sso
  • rh-sso7-keycloak-server-0:4.8.15-1.Final_redhat_00001.1.el8sso

The Hacker News

idTHN:F6202F3C31F7C788D1830F976D0B2464
last seen2019-08-14
modified2019-08-14
published2019-08-14
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/08/http2-dos-vulnerability.html
title8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

References