CVE-2019-951x Vulnerabilities

Discussion created by mrmime988 on Aug 14, 2019
Latest reply on Aug 23, 2019 by derekv

Hi guys,


Qualys has released a detection logic for the new 8 new HTTP/2 implementation Flaw under QID 91560 (Score! ). I have checked the QID only detects the vulnerabilities for Microsoft Products.


Does anyone know if Qualys is working for other products affected by this vulnerabilities (Apache, NGINX..)?


  1. CVE-2019-9511 — HTTP/2 "Data Dribble"
  2. CVE-2019-9512 — HTTP/2 "Ping Flood"
  3. CVE-2019-9513 — HTTP/2 "Resource Loop"
  4. CVE-2019-9514 — HTTP/2 "Reset Flood"
  5. CVE-2019-9515 — HTTP/2 "Settings Flood"
  6. CVE-2019-9516 — HTTP/2 "0-Length Headers Leak"
  7. CVE-2017-9517 — HTTP/2 "Internal Data Buffering"
  8. CVE-2019-9518 — HTTP/2 "Request Data/Header Flood"