Vendor | Product | Version Information | Data Dribble CVE-2019-9511 | Ping Flood CVE-2019-9512 | Resource Loop CVE-2019-9513 | Reset Flood CVE-2019-9514 | Settings Flood CVE-2019-9515 | 0-Length Headers Leak CVE-2019-9516 | Internal Data Buffering CVE-2019-9517 | Empty Frames Flood CVE-2019-9518 |
---|
Apache | httpd | 2.4.38 | N | N | N |
| N | N | Y |
|
Apache | Tomcat | 9.0.13 (using FreeBSD native library 1.2.16) | N | N | Affected* https://markmail.org/message/konb64olyan5ye6t * just a little | N | N | N |
|
|
F5 | NGINX | 1.9.5 - 1.17.2 | Affected Fixed in 1.61.1 and 1.17.3 http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html | Not affected | Affected Fixed in 1.61.1 and 1.17.3 http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html | Not affected | Not affected | Affected Fixed in 1.61.1 and 1.17.3 http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html | Not affected | Not affected |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Go 1.12 (before Go 1.11.13 and Go 1.12.8) |
|
| N | Y | N | Y | N | N | N | N |
Netty Project | Netty | 4.1.27 | Not affected | Affected https://netty.io/news/2019/08/13/4-1-39-Final.html | Not affected | Affected https://netty.io/news/2019/08/13/4-1-39-Final.html | Affected https://netty.io/news/2019/08/13/4-1-39-Final.html | Not affected | Not affected | Affected https://netty.io/news/2019/08/13/4-1-39-Final.html |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Node.js Project | Node.js | 8, 10, and 12 | Affected https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ | Not affected | Affected https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ | Affected https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ | Not affected | ? | Not affected | ? |
Microsoft | Windows Internet Information Server (IIS) | Windows 10 Windows Server 2016 and 2019 Windows Server, version 1803 and version 1903 | Affected https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9511 | Affected https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9512 | Affected https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9513 | Affected https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9514 | Not affected | Not affected | N | Affected https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-9518 |
gRPC C 1.21.0 |
|
| N | N | N | Y | Y | N | N |
|
gRPC Java 1.21.0 (uses Netty) |
|
| N | N | N | N | Y | N | N |
|
gRPC Go 1.21.0 |
|
| N | N | N | Y | Y | N | N |
|
Swift | SwiftNIO HTTP/2 (swift-nio-http2) | 1.0.0 and 1.4.0 inclusive | Not affected | Affected https://forums.swift.org/t/swiftnio-http-2-security-notice/27855 | Not affected | Affected https://forums.swift.org/t/swiftnio-http-2-security-notice/27855 | Affected https://forums.swift.org/t/swiftnio-http-2-security-notice/27855 | Affected https://forums.swift.org/t/swiftnio-http-2-security-notice/27855 | Not affected | Affected https://forums.swift.org/t/swiftnio-http-2-security-notice/27855Y |
hyper-2 (Python) |
|
| N | N | N | N | N | N |
|
|
Twisted 16.3.0, 16.3.1, 16.3.2, 16.4.0, 16.4.1, 16.5.0, 16.6.0, 17.1.0, 17.5.0, 17.9.0, 18.4.0, 18.7.0, 18.9.0, 19.2.0, 19.2.1, 19.7.0 |
|
| N | Y | N | Y | N | N | N |
|
nghttp2 |
|
| Y | N | Y | N | N | N | N |
|
Apache Traffic Server |
|
| N | Y | N | Y | Y | N | N |
|
Envoy | Envoy | Prior to 1.11.1 | Not affected | Affected https://groups.google.com/forum/#!topic/envoy-announce/ZLchtraPYVk | Affected https://groups.google.com/forum/#!topic/envoy-announce/ZLchtraPYVk | Affected https://groups.google.com/forum/#!topic/envoy-announce/ZLchtraPYVk | Affected https://groups.google.com/forum/#!topic/envoy-announce/ZLchtraPYVk | Not affected | Not affected | Affected https://groups.google.com/forum/#!topic/envoy-announce/ZLchtraPYVk |
proxygen |
|
| N | Y | Y | Y | Y | N | N |
|
H2O Project | H2O | Fixed in 2.2.6 and 2.3.0 beta2 | Not affected | Affected https://github.com/h2o/h2o/issues/2090 | Not affected | Affected https://github.com/h2o/h2o/issues/2090 | Affected https://github.com/h2o/h2o/issues/2090 | Not affected | Not affected | Not affected |
Istio | Istio | Uses Envoy ISTIO-SECURITY-004 |
| https://istio.io/blog/2019/istio-security-003-004/ | https://istio.io/blog/2019/istio-security-003-004/ | https://istio.io/blog/2019/istio-security-003-004/ | https://istio.io/blog/2019/istio-security-003-004/ |
|
| https://istio.io/blog/2019/istio-security-003-004/ |