HTTP/2 vulnerabilities (CVE-2019-9511 ~ CVE-2019-9518)


Article ID: 136024


Products

CA API Gateway

Issue/Introduction

Does each of the eight HTTP/2 CVEs listed below have any impact on the product?


(1) CVE-2019-9511 HTTP/2 Data Dribble

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9511


(2) CVE-2019-9512 HTTP/2 Ping Flood

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9512


(3) CVE-2019-9513 HTTP/2 Resource Loop

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9513


(4) CVE-2019-9514 HTTP/2 Reset Flood

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9514


(5) CVE-2019-9515 HTTP/2 Settings Flood

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9515


(6) CVE-2019-9516 HTTP/2 0-Length Headers Leak

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9516


(7) CVE-2019-9517 HTTP/2 Internal Data Buffering

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9517


(8) CVE-2019-9518 HTTP/2 Request Data/Header Flood

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9518


Environment

Release : ALL

Component : API GATEWAY

Resolution

No released version of the Gateway supports HTTP/2 yet, so API Gateway should not be affected by these HTTP/2 CVEs.


Note: HTTP/2 support is planned to be released with 9.5. 
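
An added example, not part of the original article or the product: a Python probe to confirm that a given listener does not negotiate HTTP/2, the condition the resolution above relies on. It offers `h2` through TLS ALPN and requests an `h2c` upgrade over cleartext; the host and ports passed in are assumptions for whichever listener is being checked.

```python
import base64
import socket
import ssl
import struct
import sys

def negotiated_alpn(host, port, timeout=5.0):
    """Offer h2 and http/1.1 via TLS ALPN; return what the listener selects (or None)."""
    ctx = ssl.create_default_context()
    # Certificate checks are off because only the negotiated protocol is inspected
    # and no application data is sent over this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()

def h2c_upgrade_status(host, port, timeout=5.0):
    """Ask a cleartext listener to upgrade to HTTP/2 (h2c); return its status code."""
    # HTTP2-Settings carries a base64url SETTINGS payload without padding:
    # one entry, SETTINGS_MAX_CONCURRENT_STREAMS (0x3) = 100.
    settings = base64.urlsafe_b64encode(struct.pack(">HI", 0x3, 100)).rstrip(b"=")
    request = (
        f"GET / HTTP/1.1\r\nHost: {host}\r\n"
        "Connection: Upgrade, HTTP2-Settings\r\nUpgrade: h2c\r\n"
        f"HTTP2-Settings: {settings.decode('ascii')}\r\n\r\n"
    )
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        status_line = sock.makefile("rb").readline().decode("latin-1")
    return int(status_line.split()[1])

def speaks_http2(alpn, upgrade_status):
    """True if either probe shows HTTP/2: ALPN chose h2, or h2c got 101."""
    return alpn == "h2" or upgrade_status == 101

if __name__ == "__main__":
    # Usage: probe.py HOST TLS_PORT CLEARTEXT_PORT (all supplied by the operator)
    host, tls_port, clear_port = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    alpn = negotiated_alpn(host, tls_port)
    status = h2c_upgrade_status(host, clear_port)
    print(f"ALPN selected: {alpn!r}; h2c upgrade response: {status}")
    print("HTTP/2 reachable" if speaks_http2(alpn, status) else "HTTP/1.x only")
```

A listener that speaks only HTTP/1.x selects `http/1.1` (or nothing) in ALPN and answers the upgrade request with an ordinary status instead of `101 Switching Protocols`.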

Additional Information

Support for HTTP/2