FortiClient VulnerabilityMicrosoft HTTP/2 Server CVE-2019-9514 Denial of Service Vulnerability
Description
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Affected Applications
Windows 10
Windows Server 2016
Windows Server version 1803 (Server Core Installation)
Windows Server version 1903 (Server Core installation)
Windows Server 2019
CVE References
CVE-2019-9514Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-9514| ID | 59297 |
| Created | Aug 13, 2019 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows 10 , Windows Server 2016 , Windows Server version 1803 (Server Core Installation) , Windows Server version 1903 (Server Core installation) , Windows Server 2019 |