HTTP2: Microsoft Windows IIS HTTP2 Resource Loop Denial of Service
This signature detects attempts to exploit a known vulnerability against Microsoft Windows IIS. A successful attack can result in a denial-of-service condition.
Extended Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Affected Products
Nodejs node.js
Short Name
HTTP2:MS-IIS-RES-LOOP-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP2
Keywords
CVE-2019-9513 Denial HTTP2 IIS Loop Microsoft Resource Service Windows of
Release Date
10/01/2019
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3590
False Positive
Unknown
Vendors
F5
Redhat
Mcafee
Fedoraproject
Synology
Opensuse
Apache
Oracle
Nodejs
Debian
Canonical
CVSS Score
7.8