McAfee Security Bulletin - Updates and product status for HTTP/2 vulnerabilities CVE-2019-3643 and CVE-2019-3644 for McAfee Active Response

description-logoDescription

Multiple McAfee products offer HTTP services or process the HTTP protocol. On August 13 2019 there was a disclosure of multiple vulnerabilities in the way products had implemented HTTP/2. A vulnerable version of NGINX is used in MAR Server and ATD. Neither of these products offer HTTP/2 and are not exploitable.

affected-products-logoAffected Applications

McAfee Active Response

CVE References

CVE-2019-3643 CVE-2019-3644