Security multiple Denial of Service (DoS) vulnerabilities were disclosed for a number of HTTP/2 server implem

Today, multiple Denial of Service (DoS) vulnerabilities were disclosed for a number of HTTP/2 server implementations. Cloudflare uses NGINX for HTTP/2. Customers using Cloudflare are already protected against these attacks.

The individual vulnerabilities, originally discovered by Netflix and are included in this announcement are:

---

• CVE-2019-9511 HTTP/2 Data Dribble
• CVE-2019-9512 HTTP/2 Ping Flood
• CVE-2019-9513 HTTP/2 Resource Loop
• CVE-2019-9514 HTTP/2 Reset Flood
• CVE-2019-9515 HTTP/2 Settings Flood
• CVE-2019-9516 HTTP/2 0-Length Headers Leak
• CVE-2019-9518 HTTP/2 Request Data/Header Flood

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/

 

http://nginx.org/en/security_advisories.html