All Vulnerability Reports

USN-4099-1: nginx vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Description

Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.

CVEs contained in this USN include: CVE-2019-9513, CVE-2019-9511, CVE-2019-9516

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.6.x versions prior to 2.6.8
    • 2.5.x versions prior to 2.5.15
    • 2.4.x versions prior to 2.4.18
    • 2.3.x versions prior to 2.3.25

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.6.8, 2.5.15, 2.4.18, 2.3.25

References