HTTP/2 Multiple DoS Attacks (VU#605641)
Summary
Improper implementations of the HTTP/2 protocol can lead to a variety denial-of-service (DoS) attacks.
The related CVEs are:
CVE-2019-9511, also known as Data Dribble
CVE-2019-9512, also known as Ping Flood
CVE-2019-9513, also known as Resource Loop
CVE-2019-9514, also known as Reset Flood
CVE-2019-9515, also known as Settings Flood
CVE-2019-9516, also known as 0-Length Headers Leak
CVE-2019-9517, also known as Internal Data Buffering
CVE-2019-9518, also known as Empty Frame Flooding
Affected Products
The following products have been confirmed to NOT be vulnerable to any of the above:FortiOS
FortiAP
FortiSwitch
FortiAnalyzer
FortiWeb
FortiManager
FortiMail